Commands to compile and load module:
checkmodule -M -m -o gitweb.mod gitweb.te
semodule_package -o gitweb.pp -m gitweb.mod
semodule -i gitweb.pp
Doesn't work on your system?
setenforce 0
# try again check if projects are listed
# projects are listed -> good, selinux was your issue
# projects are not listed -> sorry, selinux was not your issue
cat /var/log/audit/audit.log | audit2allow -M gitweb
# don't play with fire.
setenforce 1
| module gitweb 1.0; | |
| require { | |
| type autofs_t; | |
| type sshd_t; | |
| type file_t; | |
| type git_system_t; | |
| type httpd_git_script_t; | |
| type default_t; | |
| type postfix_local_t; | |
| class lnk_file { read getattr }; | |
| class file { getattr read open ioctl }; | |
| class dir { read search open getattr }; | |
| } | |
| #============= git_system_t ============== | |
| allow git_system_t default_t:dir read; | |
| allow git_system_t default_t:file { read getattr open }; | |
| allow git_system_t default_t:lnk_file read; | |
| allow git_system_t file_t:dir search; | |
| #============= httpd_git_script_t ============== | |
| allow httpd_git_script_t autofs_t:dir search; | |
| allow httpd_git_script_t default_t:dir read; | |
| allow httpd_git_script_t default_t:file { read getattr open ioctl }; | |
| allow httpd_git_script_t default_t:lnk_file { read getattr }; | |
| allow httpd_git_script_t file_t:dir { search open getattr read }; | |
| allow httpd_git_script_t file_t:file { read getattr open ioctl }; | |
| #============= postfix_local_t ============== | |
| allow postfix_local_t default_t:lnk_file read; | |
| #============= sshd_t ============== | |
| allow sshd_t default_t:file { read getattr open }; | |
| allow sshd_t default_t:lnk_file { read getattr }; | |
| allow sshd_t file_t:dir { search getattr }; |