fedora-selinux June 2009 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: SELinux and gitosis (FC11)

SELinux and gitosis (FC11)

From: Jonathan Stott <jonathan.stott_at_nospam>
Date: Tue Jun 30 2009 - 15:21:21 GMT
To: fedora-selinux-list@redhat.com

Hi all

Today I updated to FC11 and gitosis stopped working (gitosis is a collection of scripts for easing multiuser access to git repositories over ssh). I can tell it's an SELinux problem, because '/sbin/setenforcing 0' clears it up.

On the server, the git repositories are managed by the 'git' user, which has the guest_u selinux type (though it also fails when given the user_u user). The home directory (/home/git) has the correct selinux context (user_home_t) as far as I can tell and I've run 'restorecon -Rvv' anyway, just to be sure. gitosis works by calling a system binary, gitosis-serve, which lives in /usr/bin/ and has the type of 'bin_t' so guest_u should be able to execute it. Even with 'setenforcing 0' no AVC denials are created though. Checking /var/log/secure shows that the key is being accepted, and it seems like the process then hangs.

Any suggestions appreciated,
Jon -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list