Hi, Dan, Daniel J Walsh wrote: > On 03/12/2014 04:52 PM, m.roth at 5-cent.us wrote: >> Peter Brady wrote: >>> On 13/03/14 5:02 AM, m.roth at 5-cent.us wrote: >>>> (Besides Paul, who's busy?) >>>> >>>> I just need one question answered: I keep reading the docs, and given >>>> the old traditional /var/www I get that part of trac should be >>>> installed in /var/www/trac/<myproj> (I think); what I can't figure out >>>> is whether there is *anything* under the document root, that is, >>>> /var/www/html/trac/<myproject>. >>>> >>>> Anyone have a clue? Do I even need it as a placeholder, or does >>>> anything actually go in there? <snip> >>> For the single site install I've got a few things in /var/www/html: >>> >>> [root at develop www]# ls html/ >> <snip> Thanks, Peter. Between you and Paul, and, of course, much >> googling, <snip> >> Installing the agilo-plugin was easy (well, I'll know when my user gets >> going). Now shutting up selinux.... And no, what I found was *wrong*, it >> was telling you to use chcon, which does *not* last across reboots. >> semanage (bleah!).... >> > Mark what changes did you have to make for SELinux? So far, all I've done is to change the fcontexts to httpd_sys_content_t, except for the cgi, which is httpd_sys_script_exec_t. I hadn't managed to google what to do with the trac.fsgi, which selinux doesn't seem to like as the latter context. What I was referring to, above, was someone's post that I found while googling, who was saying you should chcon, which, as much as you know how much I adore selinux (NOT!), I know to use semanage and restorecon. Hmmm, I see the nightly run of updatedb is complaining: I have the cgi-bin directory itself as httpd_sys_script_exec_t - what should that be, anyway? The more I think of it, the less I like some of this.... -rw-r--r--. apache root system:object_r:httpd_sys_content_t:s0 README -rw-r--r--. apache root system:object_r:httpd_sys_content_t:s0 VERSION drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 attachments drwxr-xr-x. apache root system:object_r:httpd_sys_script_exec_t:s0 cgi-bin drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 conf drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 db drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 htdocs drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 log drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 plugins drwxr-xr-x. apache root system:object_r:httpd_sys_content_t:s0 templates Seems to me that none of that but VERSION and htdocs should be content.... Advice? Let's get this correct, and I'll post, and email trac about what they should do. Right now, <http://trac.edgewall.org/wiki/TracWithSeLinux> is what they say, and they mention chcon with CentOS 6.3. I see they have a policy (which, for some reason, is *not* part of the trac package via upstream). I suppose I could implement it, but I'd rather get someone who actually knows what they're talking about look at what they say and advise me, Dan. mark.