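--- a/TODO
+++ b/TODO
@@ -1,8 +1,8 @@
 == Where I stopped last time ==
-[ ] ssh key checked is install 0700 and owner root. It must be allowed to
-be run by rocketgit user! Spec? Makefile?
 
 == BEFORE NEXT RELEASE ==
+[ ] Before activating a http webhook, force user to add to the root of the fs file
+.well-known/rocketgit/hook-verify.txt wih a custom content.
 [ ] MR merge_mr must contain also the ID.
 Search for "This is the merge message <xss>".
 [ ] git_merge_base: cache is not done in the repo namespace => will not be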
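--- a/compare.csv
+++ b/compare.csv
@@ -31,6 +31,7 @@
 "Continuous integration","Yes","Yes","?","?","?","?"
 "Code review","No","Yes","Yes","?","?","?"
 "Wiki","No","Yes","Yes","n/a","?","?"
+"User custom pages","No","Yes","Yes","n/a","?","?"
 "System resource friendly? {Is it light on CPU/memory/disk?}","Yes","No","?","Yes","?","?"
 ,,,,,,
 "[Rights]",,,,,,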
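--- a/selinux/rocketgit.te.tmpl
+++ b/selinux/rocketgit.te.tmpl
@@ -7,6 +7,7 @@ gen_require(`
 role unconfined_r;
 type fs_t;
 type sshd_t;
+class capability dac_read_search;
 
 @@EXTRA_GEN_REQUIRE@@
 ')
@@ -158,6 +159,11 @@ dontaudit system_mail_t rocketgit_usr_t:file read;
 allow rocketgit_t tmp_t:dir { write remove_name add_name };
 allow rocketgit_t tmp_t:file { write open create unlink setattr };
 
+# rg_authorize
+# type=AVC msg=audit(1572449949.165:1342): avc: denied { dac_override } for pid=2362 comm="rg_authorize" capability=1 scontext=unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:rocketgit_t:s0-s0:c0.c1023 tclass=capability permissive=0
+allow rocketgit_t self:capability dac_read_search;
+userdom_use_inherited_user_ptys(rocketgit_t)
+
 # Locale
 miscfiles_read_localization(rocketgit_t)
 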
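Review bot: In the second hunk the quoted AVC records a denial for `dac_override`, but the rule under it allows `dac_read_search`, and nothing says the mismatch is deliberate, so a later maintainer may "correct" it to the broader capability. If the narrower grant is intended, which it appears to be, say so next to the rule, e.g. `# Only read/search bypass is needed; deliberately not granting the dac_override named in the AVC.` Because the rule is on the whole `rocketgit_t` domain, everything running in that domain with the capability can skip DAC read and search checks, not only `rg_authorize`. The comment should therefore also name the path that triggered the denial and why fixing that file's owner or mode was not enough. `userdom_use_inherited_user_ptys(rocketgit_t)` sits under the same heading with no denial or reason recorded; a one-line comment on what needs the inherited pty would make it auditable.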