Selinux and CVS-Server has sec access problems

Support for security such as Firewalls and securing linux
Post Reply
cgroove
Posts: 1
Joined: 2012/08/01 21:34:32
Location: Germany

Selinux and CVS-Server has sec access problems

Post by cgroove » 2012/08/01 21:40:23

Dear sirs,

thanks to the CENTOS Team for this nice
Linux-Server distribution.

My system is a centos 6.3. It is running on a server with
a RAID subsystem, that stores all user homes and data.
The directory /home/cvsuser is a link to the raid-partition:

/home/cvsroot -> /media/dataDrv/Data/cvsroot

where /media/dataDrv/Data/cvsroot is located on that
raid-drive and

/media/dataDrv/Data/cvsroot/repository

holds my repository.

Due to the individual repo-directories i did:

$ chcon -R -t cvs_data_t /media/dataDrv/Data/cvsroot
$ semanage fcontext -a -t cvs_data_t '/media/dataDrv/Data/cvsroot(/.*)?'
$ restorecon -R -v /media/dataDrv/Data/cvsroot

With a setenforce 0 the remote cvs access works,
but when i enable selinux, i get the following
error:

cvs [status aborted]: unrecognized auth response from barso: cvs pserver: cannot open /home/cvsroot/repository/CVSROOT/config: Permission denied

That sounds strange for me, because a give me no
hint:

$ ls -l --lcontext /home/cvsroot/repository/CVSROOT/config
-rw-rw-r--. 1 system_u:object_r:cvs_data_t:s0 cvsroot cvsuser 986 7. Nov 2004 /home/cvsroot/repository/CVSROOT/config

Any ideas ????

Christian

KermitDaFragger
Posts: 195
Joined: 2009/09/11 19:23:05
Location: the Netherlands

Selinux and CVS-Server has sec access problems

Post by KermitDaFragger » 2012/08/18 09:51:45

Have you checked the SELinux log file "/var/log/audit/audit.log" to determine if and why SELinux blocks access to that file ?

Post Reply