We just updated the FAQ on the site a couple of days ago describing this. I
posted a patch with additional info recently.
----- Original Message -----
From: "Amos Hayes" <ahayes@polkaroo.net>
To: <users@subversion.tigris.org>
Sent: Thursday, December 09, 2004 8:58 PM
Subject: Subversion on SELinux
> I thought I would share this info.
>
> I installed subversion on a Fedora Core 3 system and got as far as
> mod_dav_svn returning the "Could not open the requested SVN filesystem"
> error.
>
> I hunted all over for the cause of the "Could not open the requested
> SVN filesystem" and it looked like a permission problem but the folders
> were owned and writable by the apache user. In the end, it turned out
> to be a result of SELinux applying a default policy to the folder that
> prevented apache from reading those files.
>
> The quick solution is to use the "chcon" command to change the security
> context of the svnroot folder. I ran "chcon -R -t httpd_sys_content_t
> svnroot/". This recursively modifies the security context to one which,
> at least on Fedora Core 3, allows the apache 2 (RPM) to have access to
> that folder.
>
> So I'm not sure if this is book worthy or not, but certainly it would
> seem to me that wherever there is a discussion of setting file
> permissions, there should also be a brief mention of security context
> for those running on an SELinux kernel.
>
> P.S. The apache error log had the following lines per attempted access:
>
> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200]
> (20014)Error string not specified yet: Can't open file
> '/home/svnroot/forma
> t': Permission denied
> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
> fetch resource information. [500, #0]
> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
> open the requested SVN filesystem [500, #13]
> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
> open the requested SVN filesystem [500, #13]
>
>
> The system log (/var/log/messages) would have a corresponding entry
> like this:
>
> Dec 8 12:49:19 devel0 kernel: audit(1102528159.185:0): avc: denied {
> read } for pid=6319 exe=/usr/sbin/httpd name=format dev=dm-0 i
> no=721170 scontext=root:system_r:httpd_t
> tcontext=root:object_r:user_home_t tclass=file
>
>
> --
> Amos Hayes
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 10 03:21:33 2004