Problem with selinux
Closed this issue · 5 comments
I've been trying to figure out how to make this plugin work on a system with selinux enabled. Turns out that this is non-trivial.
To start, the shell-scripts in /tmp must be labeled properly to allow them to be executed at all. This means that the scripts need to be created, then labeled afterwards.
Second, finding a labeling that allows "setuid", "setgid", and "rlimit" operations is not trivial without allowing these operations for all httpd scripts. I am currently stuck on this issue. I could probably construct a custom selinux policy, but that is pretty complex.
Have you had any success running on a system with selinux? It would be much simpler (and more secure) to avoid the sudo operations entirely. They seem to only be needed for a limited number of operations, namely changing the admin key (which could be done as a separate configuration operation rather than through redmine), setting the update hooks on repositories (which could be done with gitolite functionality?), and changing the name of a repository (perhaps the one sticky issue)...
This plugin really isn't designed to be compatible with selinux. Few enough people care about this that it really isn't a priority or an interest of mine.
If you want to work on this and supply a patch that doesn't interfere with systems not running selinux, I would be glad to accept it, but this isn't something I intend to address myself.
Well, gitolite was designed for corporate environments which do care about selinux. If nothing else, the difficulty with selinux highlights some of the (potential) security vulnerabilities with this plugin.
No, difficulties with selinux do not highlight security vulnerabilities. It just presents more security hoops to jump through.
If you wish to report a security vulnerability, please do so. I am very interested in eliminating any security issues you identify.
On 10/7/2011 9:29 AM, Eric Bishop wrote:
> No, difficulties with selinux do not highlight security vulnerabilities. It just presents more security hoops to jump through.
> If you wish to report a security vulnerability, please do so. I am very interested in eliminating any security issues you identify.
I tell you what. If you move the binaries to a /bin directory in your plugin directory, I'll craft a selinux policy for your plugin....
Ideally, these scripts should be there statically, rather than created on the fly. The only change (as far as I can tell) would be to have an extra argument or two for the git user and location of the ssh key (in the case of the ssh script).
--KUBI--
Professor John Kubiatowicz
673 Soda Hall
Berkeley, CA 94720-1776
No. I'm not interested in this.
This issue is closed.