I think you want httpd_sys_script_exec_t
On Sat, 2014-08-02 at 14:16 +0000, Matthew Saltzman wrote:
SubGit is a system that keeps a Subversion repository and a Git
repository in sync. In order to do that, it includes a program called
fast-pre-commit (C, I believe) that is run as part of Subversion's
pre-commit process. It lives in the Subversion repository's hooks/
directory. If Subversion commits are handled by httpd, then the
pre-commit script is run, but its call to the fast-pre-commit program
fails because it doesn't see fast-pre-commit as executable. Local
commits (not using httpd) work as expected.
The pre-commit script and the fast-pre-commit program both have context
unconfined_u:object_r:httpd_sys_rw_content_t:s0
although restorecon wants to reset the user to system_u (which doesn't
solve the problem), and both have permissions -rwxrwxr-x.
What should fast-pre-commit's context be in order for it to execute
properly? Or what is the best way to make a particular executable run
when invoked from httpd?
TIA.