How to configure SELinux to allow apache to run git

httpd centos selinux

Solution 1:

Run your system temporarily wit SELinux in Permissive mode (setenforce 0). Carry out your normal operations so that errors are logged to audit.log.

You can then use audit2why to get an explanation of the issue(s). You can use audit2allow to generate a loadable policy module. So for example

audit2allow <wyred.log
type=AVC msg=audit(1401182476.567:363184): avc:  denied  { read } for  pid=11082 comm="ssh" name="known_hosts" dev=dm-0 ino=11272197 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file

    Was caused by:
            Missing type enforcement (TE) allow rule.

            You can use audit2allow to generate a loadable module to allow this 
            access.

then

audit2allow -M wyred <wyred.log
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i wyred.pp

will generate a .pp file and a readable.te file.

Related

Loopback Device Not Configured On Boot
Is it possible to restrict download by MIME type/content type in nginx?
FTP/SSL in passive mode with portrange, which ports has to be open on the firewall?
How Can I prevent a specific application from being run on a specific machine using Group Policy?
ntrights equivalent/replacement for Server 2008
Setting up https with a self-signed certificate on Apache
Is there a way to make encrypted DNS resolutions? [closed]
Why can't DSC find a resource that's installed?
Recommended SpamAssassin update channels?
Monitor or log directory permission changes?
What issues should I watch for when rolling out CentOS as a desktop environment?
Apache Virtual Hosts - Map different paths of the same domain (or IP) to different sites