Re: Subversion on SELinux
From: Amos Hayes <ahayes_at_polkaroo.net>
Date: 2004-12-10 06:03:09 CET
Thanks Henrik. That's some great info and would have quickly helped me
The only problem is that you have to know that permissions are the
If one were to look in the FAQ (as I did) for the error messages (such
So, perhaps a pointer from the "I'm getting errors..." question would
I think subversion is great and the docs are super. Just trying to help
--
Amos
On 9-Dec-04, at 8:07 PM, Henrik Vendelbo wrote:
> We just updated the FAQ on the site a couple of days ago describing
> this. I
> posted a patch with additional info recently.
>
> ----- Original Message -----
> From: "Amos Hayes" <ahayes@polkaroo.net>
> To: <users@subversion.tigris.org>
> Sent: Thursday, December 09, 2004 8:58 PM
> Subject: Subversion on SELinux
>
>
>> I thought I would share this info.
>>
>> I installed subversion on a Fedora Core 3 system and got as far as
>> mod_dav_svn returning the "Could not open the requested SVN
>> filesystem"
>> error.
>>
>> I hunted all over for the cause of the "Could not open the requested
>> SVN filesystem" and it looked like a permission problem but the
>> folders
>> were owned and writable by the apache user. In the end, it turned out
>> to be a result of SELinux applying a default policy to the folder that
>> prevented apache from reading those files.
>>
>> The quick solution is to use the "chcon" command to change the
>> security
>> context of the svnroot folder. I ran "chcon -R -t httpd_sys_content_t
>> svnroot/". This recursively modifies the security context to one
>> which,
>> at least on Fedora Core 3, allows the apache 2 (RPM) to have access to
>> that folder.
>>
>> So I'm not sure if this is book worthy or not, but certainly it would
>> seem to me that wherever there is a discussion of setting file
>> permissions, there should also be a brief mention of security context
>> for those running on an SELinux kernel.
>>
>> P.S. The apache error log had the following lines per attempted
>> access:
>>
>> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200]
>> (20014)Error string not specified yet: Can't open file
>> '/home/svnroot/forma
>> t': Permission denied
>> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
>> fetch resource information. [500, #0]
>> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
>> open the requested SVN filesystem [500, #13]
>> [Wed Dec 08 12:49:19 2004] [error] [client 134.117.194.200] Could not
>> open the requested SVN filesystem [500, #13]
>>
>>
>> The system log (/var/log/messages) would have a corresponding entry
>> like this:
>>
>> Dec 8 12:49:19 devel0 kernel: audit(1102528159.185:0): avc: denied
>> {
>> read } for pid=6319 exe=/usr/sbin/httpd name=format dev=dm-0 i
>> no=721170 scontext=root:system_r:httpd_t
>> tcontext=root:object_r:user_home_t tclass=file
>>
>>
>> --
>> Amos Hayes
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Dec 10 06:05:31 2004
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.