[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Subversion on SELinux

From: Amos Hayes <ahayes_at_polkaroo.net>
Date: 2004-12-09 21:58:45 CET

I thought I would share this info.

I installed subversion on a Fedora Core 3 system and got as far as
mod_dav_svn returning the "Could not open the requested SVN filesystem"
error.

I hunted all over for the cause of the "Could not open the requested
SVN filesystem" and it looked like a permission problem but the folders
were owned and writable by the apache user. In the end, it turned out
to be a result of SELinux applying a default policy to the folder that
prevented apache from reading those files.

The quick solution is to use the "chcon" command to change the security
context of the svnroot folder. I ran "chcon -R -t httpd_sys_content_t
svnroot/". This recursively modifies the security context to one which,
at least on Fedora Core 3, allows the apache 2 (RPM) to have access to
that folder.

So I'm not sure if this is book worthy or not, but certainly it would
seem to me that wherever there is a discussion of setting file
permissions, there should also be a brief mention of security context
for those running on an SELinux kernel.

P.S. The apache error log had the following lines per attempted access:

[Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200]
(20014)Error string not specified yet: Can't open file
'/home/svnroot/forma
t': Permission denied
[Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
fetch resource information. [500, #0]
[Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
open the requested SVN filesystem [500, #13]
[Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
open the requested SVN filesystem [500, #13]

The system log (/var/log/messages) would have a corresponding entry
like this:

Dec 8 12:49:19 devel0 kernel: audit(1102528159.185:0): avc: denied {
read } for pid=6319 exe=/usr/sbin/httpd name=format dev=dm-0 i
no=721170 scontext=root:system_r:httpd_t
tcontext=root:object_r:user_home_t tclass=file 

--
Amos Hayes
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 10 03:08:21 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.