Daniel J Walsh wrote:
On 04/28/2009 10:07 PM, Daniel B. Thurman wrote:
>
>
> I am trying to get my CVS repository setup. Apparently,
> it appears that the repository must be in the root directory,
> otherwise I get selinux permission denials.
>
> What I tried to do initially was to locate the repository
> on a NTFS filesystem for which the context is fusefs
> which could not be changed, no matter what I tried.
> I got selinux permission errors.
>
> Giving that up, I moved the repository to a ext3 filesystem
> located on a separate drive/partition, mounted on /f-App1,
> where the repository is located @ /f-App1/Develop/cvs, and did:
>
> cd /f-App1/Develop/
> chown -R cvs:cvs cvs
> chcon -R -t cvs_data_t cvs
> find cvs -type d -exec chmod 755 {} \;
> find cvs -type t -exec chmod 754 {} \;
> ln -s /f-App1/Develop/cvs /cvs
>
> and I got selinux complaining that the files are not /cvs rooted.
>
> So I did:
>
> cp -a /f-App1/Develop/cvs /cvs1
> rm -f /cvs
> ln -s /cvs1 /cvs
>
> And it worked.
>
> How can I place my repository in a non-rooted, non-standard
> repository location and avoid the selinux complaints?
I blogged on your email
http://danwalsh.livejournal.com/28027.html
Thanks a lot Dan! I will see what I can do to resolve
my CVS issues. Please read my posting in reply to Todd
Dennison. I was asking myself why the "all or nothing
proposition", and about using selinux context with more
flexibility than what we have? I understand that security
prevails over flexibility but I was wondering if there was
a way to gain more flexibility and yet still retain security?
For example, if multiple context / file was possible, then
one could theoretically traverse from the top of the tree
to allow passage to the leaf of the tree? Yes I can imagine
it is a bit more complexity, but... if security is not compromised,
then, perhaps it's worth it?
PS: For some reason or another, I am no longer receiving
Fedora SeLinux mailing list postings. Is the Fedora SeLinux
mailing list still active?
Kind regards,
Dan