我已经在我的网络服务器上设置了 gitweb。我在服务器上创建了项目。我可以向它们添加提交,也可以远程克隆它们。
当我访问我的 git.website 时,会显示 gitweb“主页”,并且会加载 css、logo、favicon 等静态文件。
问题是我只看到消息:未 找到此类项目。每次刷新网页时,我都会在 /var/log/httpd/error_log 中看到以下内容
[Wed Aug 04 00:39:32.321352 2021] [cgid:error] [pid 44346:tid 140132795492096] [client MY_HOME_IP:37700] fatal: mmap failed: Permission denied: /var/www/git/gitweb.cgi, referer: https://git.mydomain.abc/
我已经确认 httpd 以 apache 用户身份运行,并且 /var/www 的所有权也设置为 apache。我相信权限也已正确设置:
[root@git ~]# ps auxw | grep httpd
root 44780 0.2 1.6 281804 13828 ? Ss 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 44782 0.0 1.0 295684 8876 ? S 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 44783 0.0 1.7 1484604 14712 ? Sl 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 44784 0.0 2.2 1353476 18956 ? Sl 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 44785 0.0 2.0 1353476 16760 ? Sl 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
apache 45019 0.0 1.7 1353476 14708 ? Sl 00:48 0:00 /usr/sbin/httpd -DFOREGROUND
root 45141 0.0 0.1 221928 1140 pts/0 S+ 00:48 0:00 grep --color=auto httpd
[root@git ~]# ls -ld /var/ /var/www/ /var/www/git/ ; ls -lZ /var/www/git/gitweb.cgi
drwxr-xr-x. 21 root root 4096 Aug 2 18:16 /var/
drwxr-xr-x. 5 apache apache 44 Aug 2 18:23 /var/www/
drwxr-xr-x. 8 apache apache 179 Aug 4 00:18 /var/www/git/
-rwxr-xr-x. 1 apache apache system_u:object_r:git_script_exec_t:s0 253816 Jul 20 2020 /var/www/git/gitweb.cgi
[root@git ~]#
/etc/gitweb.conf
$projectroot = '/var/www/git/';
$git_temp = "/tmp";
$stylesheet = "static/gitweb.css";
$logo = "static/git-logo.png";
$favicon = "static/git-favicon.png";
/etc/httpd/conf.d/gitweb-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName git.mydomain.abc
DocumentRoot /var/www/git
<Directory /var/www/git>
SetEnv GITWEB_CONFIG /etc/gitweb.conf
Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
AllowOverride All
order allow,deny
Allow from all
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
</Directory>
<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SSLCertificateFile /etc/letsencrypt/live/git.mydomain.abc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.mydomain.abc/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
如果有人看到我做错了什么,我将非常感谢一些指导.. 谢谢!
EDIT1: 这里是 audit.log
type=SYSCALL msg=audit(1628072069.412:134): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=b9 a2=1 a3=2 items=0 ppid=2911 pid=2917 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="git" exe="/usr/bin/git" subj=system_u:system_r:git_script_t:s0 key=(null)ARCH=x86_64 SYSCALL=mmap AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1628072069.412:134): proctitle=2F7573722F62696E2F676974002D2D6769742D6469723D2F7661722F7777772F6769742F2F796F75747562652D646C2D62617463682E67697400666F722D656163682D726566002D2D666F726D61743D2528636F6D6D697474657229002D2D736F72743D2D636F6D6D697474657264617465002D2D636F756E743D3100726566
type=AVC msg=audit(1628072069.433:135): avc: denied { map } for pid=2919 comm="git" path="/var/www/git/myrepo01.git/objects/1c/1c5ca1a07da5187a696cd1661d6b2a734ad98c" dev="vda1" ino=36639 scontext=system_u:system_r:git_script_t:s0 tcontext=unconfined_u:object_r:git_content_t:s0 tclass=file permissive=0
EDIT2 问题归结为我不是专家的 SELinux。将模式更改为Permissive我现在可以看到我的所有存储库..但是我必须弄清楚如何使它与Enforced模式一起工作..