SELinux Targeted Policy for the git-daemon

This is an SELinux targeted policy module that extends kernel mandatory access control policies to the git-daemon server. The module has been compiled and tested on Red Hat Enterprise Linux 5 and CentOS 5.

Features

Provides an additional layer of protection around the standalone git-daemon process.

Dependencies

The following packages must be installed for policy compilation:

  • selinux-policy-targeted
  • selinux-policy-devel

To install the prerequisite packages, use RPM or YUM.

Example: sudo yum install selinux-policy-devel

Compilation and Installation

  1. Unpack the archive (likely already completed if you are reading this)
  2. Adjust file paths in git-daemon.fc to match the requirements of your system or distribution.
  3. Run “make”
  4. Install the resulting git-daemon.pp SELinux module (i.e. sudo /usr/sbin/semodule -i git-daemon.pp)
  5. Reset file contexts (i.e. sudo /sbin/restorecon -FRrv <path where git executables are located> and sudo /sbin/restorecon -FRrv <path of git repository>)
  6. Restart git-daemon
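
A pre-check for step 2, as an added example that is not part of this module: it reads a .fc file and lists every path spec whose literal base path does not exist on the system, since such an entry labels nothing when restorecon runs. The function name, the sample entries and the example_*_t type names are constructed for illustration; the real git-daemon.fc will differ.

```shell
#!/bin/sh
# fc_missing_paths FILE
# Prints the base path of every .fc entry that does not exist on this system.
fc_missing_paths() {
    # Field 1 of an entry is the path regex; comments, blank lines and
    # m4 lines do not start with "/" and are skipped.
    awk '/^[[:space:]]*\// { print $1 }' "$1" |
    while IFS= read -r spec; do
        # Drop the usual "(/.*)?" subtree suffix, then unescape "\." and similar.
        base=$(printf '%s\n' "$spec" | sed -e 's|(/\.\*)?$||' -e 's|\\\(.\)|\1|g')
        # Specs that still contain regex operators cannot be tested literally.
        printf '%s\n' "$base" | grep -q '[][()*?+|^$]' && continue
        [ -e "$base" ] || printf '%s\n' "$base"
    done
}

# Demo on a constructed .fc file inside a scratch directory
# (paths and type names are hypothetical, not the module's own).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/srv/git"
    : > "$root/usr/bin/git-daemon"
    cat > "$root/sample.fc" <<EOF
# constructed sample, not the real git-daemon.fc
$root/usr/bin/git-daemon  --  gen_context(system_u:object_r:example_exec_t,s0)
$root/srv/git(/.*)?           gen_context(system_u:object_r:example_content_t,s0)
$root/var/lib/git(/.*)?       gen_context(system_u:object_r:example_content_t,s0)
EOF
    fc_missing_paths "$root/sample.fc"
    rm -rf "$root"
}

demo   # prints only the scratch path ending in /var/lib/git
```

Run `fc_missing_paths git-daemon.fc` after editing the file in step 2; an empty result means every literal path in it exists.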