Daniel J Walsh wrote:
On 04/28/2009 10:07 PM, Daniel B. Thurman wrote:I am trying to get my CVS repository setup. Apparently, it appears that the repository must be in the root directory, otherwise I get selinux permission denials. What I tried to do initially was to locate the repository on a NTFS filesystem for which the context is fusefs which could not be changed, no matter what I tried. I got selinux permission errors. Giving that up, I moved the repository to a ext3 filesystem located on a separate drive/partition, mounted on /f-App1, where the repository is located @ /f-App1/Develop/cvs, and did: cd /f-App1/Develop/ chown -R cvs:cvs cvs chcon -R -t cvs_data_t cvs find cvs -type d -exec chmod 755 {} \; find cvs -type t -exec chmod 754 {} \; ln -s /f-App1/Develop/cvs /cvs and I got selinux complaining that the files are not /cvs rooted. So I did: cp -a /f-App1/Develop/cvs /cvs1 rm -f /cvs ln -s /cvs1 /cvs And it worked. How can I place my repository in a non-rooted, non-standard repository location and avoid the selinux complaints?I blogged on your email http://danwalsh.livejournal.com/28027.html
Thanks a lot Dan! I will see what I can do to resolve my CVS issues. Please read my posting in reply to Todd Dennison. I was asking myself why the "all or nothing proposition", and about using selinux context with more flexibility than what we have? I understand that security prevails over flexibility but I was wondering if there was a way to gain more flexibility and yet still retain security? For example, if multiple context / file was possible, then one could theoretically traverse from the top of the tree to allow passage to the leaf of the tree? Yes I can imagine it is a bit more complexity, but... if security is not compromised, then, perhaps it's worth it? PS: For some reason or another, I am no longer receiving Fedora SeLinux mailing list postings. Is the Fedora SeLinux mailing list still active? Kind regards, Dan -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
