How to get Gitweb working with SELinux (on CentOS 6.5, with gitolite v3)

I have installed gitolite and gitweb according to the tutorial in this blog post. The whole thing runs really well. I am able to clone and commit to the server.

However, Gitweb shows no project with the error code 404 - No projects found. I discovered that SELinux denied gitweb.cgi from accessing some files. Gitweb is able to show the repositories only after putting SELinux into permissive mode.

# setenforce 0

I have already tried many solutions from a few sites, but I found none of them work for me. For example, I have tried the solution introduced in this blog post.

# semanage fcontext -a -t httpd_sys_content_t /var/lib/gitolite/projects.list
# restorecon -v /var/lib/gitolite/projects.list

I have the following SELinux log but I really have no idea what to do with it. I have already been messing with this problem for a whole day, any suggestions are appreciated. Thanks in advance.

type=AVC msg=audit(1390845123.601:280): avc:  denied  { rlimitinh } for  pid=2049 comm="gitweb.cgi" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_git_script_t:s0 tclass=process
type=AVC msg=audit(1390845123.601:280): avc:  denied  { siginh } for  pid=2049 comm="gitweb.cgi" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_git_script_t:s0 tclass=process
type=AVC msg=audit(1390845123.601:280): avc:  denied  { noatsecure } for  pid=2049 comm="gitweb.cgi" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_git_script_t:s0 tclass=process
type=SYSCALL msg=audit(1390845123.601:280): arch=40000003 syscall=11 success=yes exit=0 a0=1d554e0 a1=1d52e38 a2=1d52e48 a3=1d532a8 items=0 ppid=1610 pid=2049 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="gitweb.cgi" exe="/usr/bin/perl" subj=unconfined_u:system_r:httpd_git_script_t:s0 key=(null)
type=AVC msg=audit(1390845124.272:281): avc:  denied  { search } for  pid=2049 comm="gitweb.cgi" name="gitolite" dev=dm-0 ino=658360 scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:gitosis_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1390845124.272:281): arch=40000003 syscall=195 success=no exit=-13 a0=9ce0890 a1=98f50c0 a2=996ff4 a3=98f5008 items=0 ppid=1610 pid=2049 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="gitweb.cgi" exe="/usr/bin/perl" subj=unconfined_u:system_r:httpd_git_script_t:s0 key=(null)
type=AVC msg=audit(1390845124.273:282): avc:  denied  { search } for  pid=2049 comm="gitweb.cgi" name="gitolite" dev=dm-0 ino=658360 scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:gitosis_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1390845124.273:282): arch=40000003 syscall=195 success=no exit=-13 a0=9ce0890 a1=98f50c0 a2=996ff4 a3=98f5008 items=0 ppid=1610 pid=2049 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="gitweb.cgi" exe="/usr/bin/perl" subj=unconfined_u:system_r:httpd_git_script_t:s0 key=(null)

You would change the default context for any of the files or subdirectories in '/var/lib/gitolite', not only projects.list.

# semanage fcontext -a -t httpd_sys_content_t "/var/lib/gitolite(/.*)?"
# restorecon -Rv /var/lib/gitolite

Read more about that denial on https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=736623
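An added example, not part of the question or the answer: one way to read the audit log quoted above is to pair each AVC record with the SYSCALL record that shares its audit event id, so that only the denials whose syscall actually failed stand out. The function names `summarize` and `blocking_denials` are hypothetical, and the sample is abridged from the question's log.

```python
import re
from collections import defaultdict

# Records abridged from the audit log in the question: SYSCALL fields are
# trimmed, everything that is kept is unchanged.
SAMPLE = """\
type=AVC msg=audit(1390845123.601:280): avc:  denied  { rlimitinh } for  pid=2049 comm="gitweb.cgi" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_git_script_t:s0 tclass=process
type=AVC msg=audit(1390845123.601:280): avc:  denied  { siginh } for  pid=2049 comm="gitweb.cgi" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_git_script_t:s0 tclass=process
type=SYSCALL msg=audit(1390845123.601:280): arch=40000003 syscall=11 success=yes exit=0 pid=2049 comm="gitweb.cgi"
type=AVC msg=audit(1390845124.272:281): avc:  denied  { search } for  pid=2049 comm="gitweb.cgi" name="gitolite" dev=dm-0 ino=658360 scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:gitosis_var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1390845124.272:281): arch=40000003 syscall=195 success=no exit=-13 pid=2049 comm="gitweb.cgi"
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC = re.compile(r"denied\s+\{ ([^}]+) \}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log):
    """Group AVC denials by audit event id and record the syscall outcome."""
    events = defaultdict(lambda: {"denials": [], "success": None})
    for line in log.splitlines():
        head = EVENT.match(line)
        if not head:
            continue
        kind, event_id = head.groups()
        if kind == "AVC":
            m = AVC.search(line)
            if m:
                perms, src, tgt, cls = m.groups()
                events[event_id]["denials"].append(
                    (selinux_type(src), selinux_type(tgt), cls, tuple(perms.split())))
        elif kind == "SYSCALL":
            events[event_id]["success"] = "success=yes" in line
    return dict(events)

def blocking_denials(log):
    """Denials whose syscall failed (source type, target type, class, perms)."""
    found = set()
    for event in summarize(log).values():
        if event["success"] is False:
            found.update(event["denials"])
    return sorted(found)

if __name__ == "__main__":
    for denial in blocking_denials(SAMPLE):
        print(denial)
```

On this log the only blocking denial is `httpd_git_script_t` searching a directory labelled `gitosis_var_lib_t`, which is the label the `semanage fcontext` rule in the answer replaces.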
