author | Todd Zullinger <tmz@fedoraproject.org> | 2009-03-15 23:47:44 +0000 |
---|---|---|
committer | Todd Zullinger <tmz@fedoraproject.org> | 2009-03-15 23:47:44 +0000 |
commit | d082d58faf41fc0aff5f9039794cc523d7322a54 (patch) | |
tree | ee83e9b53a5eabf0fd42ea7d9f9a829064837ca6 | |
parent | 45a6845db87736b3f41ad954e7d8e37a75b082f4 (diff) | |
download | cgit_EL6-d082d58faf41fc0aff5f9039794cc523d7322a54.tar.gz |
Update README.SELinux from stable branch
-rw-r--r-- | README.SELinux | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/README.SELinux b/README.SELinux index 329b816..95c690c 100644 --- a/README.SELinux +++ b/README.SELinux 
@@ -1,24 +1,22 @@ -If you use SELinux, there are a few things you'll need to take care of -for cgit to work smoothly. (Most of these should be fixed in the -official selinux-policy packages before cgit makes it into Fedora). +If you use SELinux, you need to ensure that the httpd_enable_cgi boolean is +set properly. This can be done via the command line, e.g.: -1. Enable the httpd_enable_cgi boolean - $ setsebool -P httpd_enable_cgi 1 + # setsebool -P httpd_enable_cgi 1 -2. Set proper file contexts - (These should be taken care of in the selinux-policy package before - cgit makes it into stable Fedora versions.) +Or you can use the graphical tool system-config-selinux, via System -> +Administration -> SELinux Management on the Gnome menu. - a) The cache dir needs to be writable by the cgi - # semanage fcontext -a -t httpd_sys_content_rw_t "/var/cache/cgit(/.*)?" +Additionally, the git repositories need to be readable by the cgi. This is +handled automatically for repositories in the default path, /var/lib/git. If +your repositories are in a different path, /srv/git, for example, you can set +the proper context using semanage: - b) The git repositories need to be readable by the cgi - # semanage fcontext -a -t httpd_sys_content_t "/var/lib/git(/.*)?" + # semanage fcontext -a -t httpd_sys_content_t "/srv/git(/.*)?" - If your git repositories are somewhere other than /var/lib/git, use that - path in the command above. If you have other confined daemons that need - to access the git repositories, you may want to use public_content_t - instead of httpd_sys_content_t. +If you have other confined daemons that need to access the git repositories, +you may want to use public_content_t, or public_content_rw_t instead of +httpd_sys_content_t. - c) Run restorecon to update the contexts - # restorecon -R /var/cache/cgit /var/lib/git +Then use restorecon to update the contexts: + + # restorecon -RF /srv/git |
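Review bot: The rewritten text no longer mentions /var/cache/cgit at all. The removed step 2a labelled it httpd_sys_content_rw_t and the removed restorecon line covered it, while the new wording only says that repositories in the default path, /var/lib/git, are handled automatically. If the cache directory is now labelled elsewhere, one sentence saying so would close the gap; otherwise keep the cache instruction, because an admin who relocates the cache is left without guidance. In the paragraph on other confined daemons, public_content_rw_t is now offered alongside public_content_t even though the README only requires the repositories to be readable by the cgi. Consider saying that the rw type is only for the case where another daemon must write to the repositories, and recommending public_content_t otherwise. The final restorecon line changes -R to -RF without comment; a short note on why the forced reset is wanted would help readers who copy the command for a different path.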