selinux restricting cvsweb from running

hattori.hanzo · 04-02-2008, 10:26 PM

I installed cvsweb but it appears selinux is preventing it from running (cvsweb.cgi).

I dropped into selinux permissive mode and then cvsweb runs without issues.

How could I excempt cvsweb from the selinux restrictions.

I am running fedora 8.

regards

unSpawn · 04-03-2008, 09:21 AM

There should be AVC messages logged. You can run those through audit2allow and build a local policy. This should add cvsweb rather than exempt it from being subject to the policy, you shouldn't want that on 'net facing applications unless your 'net is private and populated with only trusted users. Searching LQ or the Fedora site for "audit2allow" should show steps. If unsure, ask away.

hattori.hanzo · 04-04-2008, 01:04 AM

Thanks. Exactly what I was looking for.

Cheers.