On 09/22/2015 08:37 PM, Matthew Saltzman wrote:
> On Tue, 2015-09-22 at 19:21 +0100, Trevor Hemsley wrote:
>> On 22/09/15 18:50, Matthew Saltzman wrote:
>>> for pid file '/var/www/svn/FlopC++/subgit/daemon.pid
>>
>> Probably not the best location for a pid file. I'd suspect that write
>> access to anything under /var/www is disallowed. Can you not move it to
>> /var/run?
> *I* can't. It's hard-coded in a compiled executable. I could make that
> recommendation to the Subgit folks. I suspect they may do that because
> they know for sure where the directory they are executing from is, but
> they may not feel they have a guarantee that /var/run is available in
> every *nix distribution.

We can label /var/www/svn/FlopC++/subgit for example if it is owned by a
package.

The main goal is we need to get AVCs. Try to re-test it and run

# ausearch -m avc,user_avc -ts recent

> On the other hand, the Subversion repositories themselves are in
> /var/www/svn and interacting with them works fine (including writes),
> modulo this issue.
>>
>> Trevor

--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.