On Wed, Nov 8, 2017 at 5:02 PM, Doug Robinson <doug.robinson_at_wandisco.com>
wrote:
> Nico: Please state references to these bugs. I have not heard anything
> about them.
>
There have been multiple. https://bugzilla.redhat.com/show_bug.cgi?id=692573
shows up in a fast Google search: that was admittedly from 2011. I'll also
acknowledge that it's gotten better. A fast search used to show a lot more
reports of poor behavior with SELinux entirely disabled.
> Setting it to "permissive" is fine if you are going to actually use
> "audit2allow" to set a policy and then turn things back on. Otherwise it
> is slower and accumulating data unnecessarily.
>
In my experience, it's not noticeably slower than running SELinux at all.
And "permissive" can be a very useful tool to guide where and how, you
arrange Subversion server components for consistentcy with the already
activated web server SELinux policies. It's also helpful to point out where
your models of web configuration may be a little...... odd, and themselves
a source of error.
On Tue, Nov 7, 2017 at 6:55 PM, Nico Kadel-Garcia <nkadel_at_gmail.com> wrote:
>
>>
>>
>> On Tue, Nov 7, 2017 at 8:16 AM, Doug Robinson <doug.robinson_at_wandisco.com
>> > wrote:
>>
>>> Kushal:
>>>
>>> Just as a slight possibility, you might check to see that the SELinux
>>> stuff is turned off (use the "sestatus" command). If it's not disabled/off
>>> then you're going to have to allow the http account to access that data by
>>> setting the appropriate security context throughout all directories from
>>> the root ('/') down to where the SVN data is stored in that 2nd EXT4
>>> partition - and then the entire SVN data tree.
>>>
>>
>> Do *not* disable SELinux while debugging it. Set it to "permissive".
>>
>> There have been a serious of nasty bugs when switching from "enabled" to
>> "disabled", the likes of which get senior sysadmins paid good money to say
>> that sort of things.
>>
>>
>>
>>> Cheers.
>>>
>>> Doug
>>> --
>>> *DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
>>>
>>> T +1 925 396 1125
>>> *E* doug.robinson_at_wandisco.com
>>>
>>> World Leader in Active Data Replication™
>>> *Find out more wandisco.com <http://wandisco.com/>*
>>>
>>> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY
>>> BE PRIVILEGED
>>>
>>> If this message was misdirected, WANdisco, Inc. and its subsidiaries,
>>> ("WANdisco") does not waive any confidentiality or privilege. If you are
>>> not the intended recipient, please notify us immediately and destroy the
>>> message without disclosing its contents to anyone. Any distribution, use or
>>> copying of this email or the information it contains by other than an
>>> intended recipient is unauthorized. The views and opinions expressed in
>>> this email message are the author's own and may not reflect the views and
>>> opinions of WANdisco, unless the author is authorized by WANdisco to
>>> express such views or opinions on its behalf. All email sent to or from
>>> this address is subject to electronic storage and review by WANdisco.
>>> Although WANdisco operates anti-virus programs, it does not accept
>>> responsibility for any damage whatsoever caused by viruses being passed.
>>>
>>
>>
>
>
> --
> *DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER
>
> T +1 925 396 1125
> *E* doug.robinson_at_wandisco.com
>
> World Leader in Active Data Replication™
> *Find out more wandisco.com <http://wandisco.com/>*
>
> THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE
> PRIVILEGED
>
> If this message was misdirected, WANdisco, Inc. and its subsidiaries,
> ("WANdisco") does not waive any confidentiality or privilege. If you are
> not the intended recipient, please notify us immediately and destroy the
> message without disclosing its contents to anyone. Any distribution, use or
> copying of this email or the information it contains by other than an
> intended recipient is unauthorized. The views and opinions expressed in
> this email message are the author's own and may not reflect the views and
> opinions of WANdisco, unless the author is authorized by WANdisco to
> express such views or opinions on its behalf. All email sent to or from
> this address is subject to electronic storage and review by WANdisco.
> Although WANdisco operates anti-virus programs, it does not accept
> responsibility for any damage whatsoever caused by viruses being passed.
>
Received on 2017-11-09 04:38:13 CET