fossil, mongoose, and SELinux
Instructions to confine fossil and mongoose in SELinux.
This configuration serves multiple fossil projects over HTTPS on Fedora 16. Mongoose is a small web server. Like fossil, it is a single binary. Create fossil user Code:
# useradd -m fossil Code:
$ cd Code:
$ cd Code:
$ cd Code:
$ cd Code:
$ cd * See http://www.fossil-scm.org/fossil/doc...ww/server.wiki Code:
$ cd Code:
# cat >/etc/rc.d/rc.local <<__EOF__ * See http://fedoraproject.org/wiki/SELinux/apache Code:
# restorecon /etc/rc.d/rc.local Code:
# systemctl start rc-local.service Test fossil access * Browse to https://127.0.0.1/fossil.cgi/project1 |
Quote:
Quote:
Quote:
Quote:
//NTLB |
unSpawn, thanks for the feedback. As suggested, below are rewrites for the last few sections.
-Ben Run service when system starts Code:
# udir=$(pkg-config systemd --variable=systemdsystemunitdir) Correct security settings * See http://fedoraproject.org/wiki/SELinux/apache Code:
# setsebool -P httpd_enable_cgi 1 Code:
# systemctl start mongoose.service Test fossil access * Browse to https://127.0.0.1/fossil.cgi/project1 |
All times are GMT -5. The time now is 03:06 PM. |