From: domg472@gmail.com (Dominick Grift) Date: Tue, 19 Aug 2008 14:31:13 +0200 Subject: [refpolicy] SeLinux policy for git-daemon In-Reply-To: <384B2616-1BC4-4131-97A4-9A6EB86191D3@gmx.de> References: <1219072370.15402.6.camel@desktop.local.neuhalfen.name> <1219072116.2609.90.camel@moss-terrapins.epoch.ncsc.mil> <1219073827.15402.15.camel@desktop.local.neuhalfen.name> <1219073514.2609.98.camel@moss-terrapins.epoch.ncsc.mil> <1219075787.15402.27.camel@desktop.local.neuhalfen.name> <1219077440.8272.5.camel@moss-spartans.epoch.ncsc.mil> <384B2616-1BC4-4131-97A4-9A6EB86191D3@gmx.de> Message-ID: <1219149073.8324.7.camel@sulphur.notebook.internal> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Mon, 2008-08-18 at 20:05 +0200, Jens Neuhalfen wrote: > I'll take a look at Dominicks policy as it looks quite sophisticated > at first glance. > > Thanks for pointing me to the post, > > Jens Hi, my git-daemon policy is a version that should be integrated into refpolicy. It works really well except that the git_daemon_read_git_daemon_system_content(httpd) should be tunable and optional. My version also has policy for git-shell users. However you will need to create a git-shell userdomain for it. Which is not hard to do: just call git_daemon_git_user_template(mygituser) or similar. It also required a default context for your gitshelluser which you can copy from /etc/selinux/targeted/contexts/users/guest_u If you have any comments or suggestions about my policy please let me know. You can also catch my on irc , irc.freenode.org #selinux and #fedora-selinux -- Dominick Grift -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20080819/1d87d272/attachment.bin