Subject | Hash | Author | Date (UTC) |
---|---|---|---|
Small changes in several places | 357571a8a8821b82f072bf83808342693e9a649c | Catalin(ux) M. BOIE | 2019-10-30 17:13:29 |
SELinux: php tries to map the config file | 3e2115c88e7b424171060f14aa2cf4c856bf5e58 | Catalin(ux) M. BOIE | 2019-10-30 15:09:12 |
Removed comments from php-fpm.conf | 46f4a76b3d0a37b3f6f2bdef8b749eca84246cce | Catalin(ux) M. BOIE | 2019-10-29 15:14:18 |
pool sample: removed comments | 53364f40abda9cdab63a961e230bedb3c2dfcb67 | Catalin(ux) M. BOIE | 2019-10-29 15:12:01 |
Adapt spec file to Fedora 31 | 599df94445a9396fdc1cc0cc43df50838db973ae | Catalin(ux) M. BOIE | 2019-10-29 13:59:05 |
Cosmetic | 69abfb69054c86d3b8136a83f3929831b2f75afe | Catalin(ux) M. BOIE | 2019-10-29 13:56:48 |
selinux: we need also map for httpd_t -> rocketgit_usr_t | 6f4161abd283b4b83e5f3655d47187d9daf37a6f | Catalin(ux) M. BOIE | 2019-10-29 03:44:20 |
.spec update | f5b7c9777f6e0f9e5b669c45abf5420bf0da80b8 | Catalin(ux) M. BOIE | 2019-10-26 05:35:45 |
Update version to 0.71 | 6f66dc4dda14cc3b171b91cd1feb28a762cf469a | Catalin(ux) M. BOIE | 2019-10-26 05:32:56 |
selinux: rg_change_pass updates | 8c09ed1e91dd80e5cfbb5c39064b21c35057b58d | Catalin(ux) M. BOIE | 2019-10-26 05:32:01 |
Cosmetic | 4b3f0dd52126a4a0e58766699b2dcce83770f822 | Catalin(ux) M. BOIE | 2019-10-26 05:31:35 |
Rework rg_git_merge because it failed | dc8dc39ac4235e9f6d4b9f7f6981bf9c4a10bc5f | Catalin(ux) M. BOIE | 2019-10-26 05:30:48 |
Compariso script updates | d56371208be824b919259f807d9e8aee41f74c4a | Catalin(ux) M. BOIE | 2019-10-26 05:30:09 |
css updates | e051981b55d28a8f37ff6aff9425e99912ff34da | Catalin(ux) M. BOIE | 2019-10-26 05:29:45 |
Comparison updates | e7a2d2b92380f1c4946ccd54113f1ca1b9b7216b | Catalin(ux) M. BOIE | 2019-10-26 05:29:03 |
TODO update | 25ee0cf19af35ff1c9a273528bf60f40be987dfe | Catalin(ux) M. BOIE | 2019-10-26 05:28:44 |
History update | 86c0575fd1ce8b8dd7729c909b7b45e488729f87 | Catalin(ux) M. BOIE | 2019-10-26 05:28:27 |
Big rework for rg_exec/rg_exec2 | 6b962257e2494217bcd528bcdbb39544b3809c14 | Catalin(ux) M. BOIE | 2019-10-26 05:28:09 |
Be more explicit and specify exactly the ssh command instead of 'ssh ... totp' | 3750e02fc5a0d75ba274c6ae9757e3d582348f51 | Catalin(ux) M. BOIE | 2019-10-25 02:54:52 |
Activating gzip compression in nginx sample file | 60a153c84f1a8ee68c4008d2cb512d3016c50499 | Catalin(ux) M. BOIE | 2019-10-25 02:33:13 |
File | Lines added | Lines deleted |
---|---|---|
TODO | 2 | 2 |
compare.csv | 1 | 0 |
selinux/rocketgit.te.tmpl | 6 | 0 |
File TODO changed (mode: 100644) (index 73f979d..37328bf) | |||
1 | 1 | == Where I stopped last time == | == Where I stopped last time == |
2 | [ ] ssh key checked is install 0700 and owner root. It must be allowed to | ||
3 | be run by rocketgit user! Spec? Makefile? | ||
4 | 2 | ||
5 | 3 | == BEFORE NEXT RELEASE == | == BEFORE NEXT RELEASE == |
4 | [ ] Before activating a http webhook, force user to add to the root of the fs file | ||
5 | .well-known/rocketgit/hook-verify.txt wih a custom content. | ||
6 | 6 | [ ] MR merge_mr must contain also the ID. | [ ] MR merge_mr must contain also the ID. |
7 | 7 | Search for "This is the merge message <xss>". | Search for "This is the merge message <xss>". |
8 | 8 | [ ] git_merge_base: cache is not done in the repo namespace => will not be | [ ] git_merge_base: cache is not done in the repo namespace => will not be |
File compare.csv changed (mode: 100644) (index d58aefc..4393f83) | |||
31 | 31 | "Continuous integration","Yes","Yes","?","?","?","?" | "Continuous integration","Yes","Yes","?","?","?","?" |
32 | 32 | "Code review","No","Yes","Yes","?","?","?" | "Code review","No","Yes","Yes","?","?","?" |
33 | 33 | "Wiki","No","Yes","Yes","n/a","?","?" | "Wiki","No","Yes","Yes","n/a","?","?" |
34 | "User custom pages","No","Yes","Yes","n/a","?","?" | ||
34 | 35 | "System resource friendly? {Is it light on CPU/memory/disk?}","Yes","No","?","Yes","?","?" | "System resource friendly? {Is it light on CPU/memory/disk?}","Yes","No","?","Yes","?","?" |
35 | 36 | ,,,,,, | ,,,,,, |
36 | 37 | "[Rights]",,,,,, | "[Rights]",,,,,, |
File selinux/rocketgit.te.tmpl changed (mode: 100644) (index 07b639e..e8d5fa0) | |||
... | ... | gen_require(` | |
7 | 7 | role unconfined_r; | role unconfined_r; |
8 | 8 | type fs_t; | type fs_t; |
9 | 9 | type sshd_t; | type sshd_t; |
10 | class capability dac_read_search; | ||
10 | 11 | ||
11 | 12 | @@EXTRA_GEN_REQUIRE@@ | @@EXTRA_GEN_REQUIRE@@ |
12 | 13 | ') | ') |
... | ... | dontaudit system_mail_t rocketgit_usr_t:file read; | |
158 | 159 | allow rocketgit_t tmp_t:dir { write remove_name add_name }; | allow rocketgit_t tmp_t:dir { write remove_name add_name }; |
159 | 160 | allow rocketgit_t tmp_t:file { write open create unlink setattr }; | allow rocketgit_t tmp_t:file { write open create unlink setattr }; |
160 | 161 | ||
162 | # rg_authorize | ||
163 | # type=AVC msg=audit(1572449949.165:1342): avc: denied { dac_override } for pid=2362 comm="rg_authorize" capability=1 scontext=unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023 tclass=capability permissive=0 | ||
164 | allow rocketgit_t self:capability dac_read_search; | ||
165 | userdom_use_inherited_user_ptys(rocketgit_t) | ||
166 | |||
161 | 167 | # Locale | # Locale |
162 | 168 | miscfiles_read_localization(rocketgit_t) | miscfiles_read_localization(rocketgit_t) |
163 | 169 |