7.4. Configuration Examples
7.4.1. Setting up CVS
This example describes a simple CVS setup and an SELinux configuration which allows remote access. Two hosts are used in this example: a CVS server with a host name of `cvs-srv` and an IP address of 192.168.1.1, and a client with a host name of `cvs-client` and an IP address of 192.168.1.100. Both hosts are on the same subnet (192.168.1.0/24). This is an example only and assumes that the cvs and xinetd packages are installed, that the SELinux targeted policy is used, and that SELinux is running in enforcing mode.
			
This example will show that even with full DAC permissions, SELinux can still enforce policy rules based on file labels and only allow access to certain areas that have been specifically labeled for access by CVS.
			
Note
Steps 1-9 should be performed on the CVS server, `cvs-srv`.
1. This example requires the cvs and xinetd packages. Run the `rpm -q cvs` command to see if the cvs package is installed. If it is not installed, run the following command as the root user to install cvs:

   ```
   ~]# yum install cvs
   ```

   Run the `rpm -q xinetd` command to see if the xinetd package is installed. If it is not installed, run the following command as the root user to install xinetd:

   ```
   ~]# yum install xinetd
   ```

2. Create a group named `CVS`. This can be done via the `groupadd CVS` command as the root user, or by using the `system-config-users` tool.
3. Create a user with a user name of `cvsuser` and make this user a member of the CVS group. This can be done using the `system-config-users` tool.
4. Edit the `/etc/services` file and make sure that the CVS server has uncommented entries looking similar to the following:

   ```
   cvspserver 2401/tcp # CVS client/server operations
   cvspserver 2401/udp # CVS client/server operations
   ```

5. Create the CVS repository in the root area of the file system. When using SELinux, it is best to have the repository in the root file system so that recursive labels can be given to it without affecting any other subdirectories. For example, as the root user, create a `/cvs/` directory to house the repository:

   ```
   [root@cvs-srv]# mkdir /cvs
   ```

6. Give full permissions to the `/cvs/` directory to all users:

   ```
   [root@cvs-srv]# chmod -R 777 /cvs
   ```

   Warning
   This is an example only and these permissions should not be used in a production system.

7. Edit the `/etc/xinetd.d/cvs` file and make sure that the CVS section is uncommented and configured to use the `/cvs/` directory. The file should look similar to:
8. Start the `xinetd` daemon by running the `service xinetd start` command as the root user.
9. Add a rule which allows inbound connections using TCP on port 2401 by using the `system-config-firewall` tool.
10. As the `cvsuser` user, run the following command:

    ```
    [cvsuser@cvs-client]$ cvs -d /cvs init
    ```

11. At this point, CVS has been configured but SELinux will still deny logins and file access. To demonstrate this, set the `$CVSROOT` variable on `cvs-client` and try to log in remotely. The following step should be performed on `cvs-client`:

    SELinux has blocked access. In order to get SELinux to allow this access, the following step should be performed on `cvs-srv`:

12. Change the context of the `/cvs/` directory as the root user in order to recursively label any existing and new data in the `/cvs/` directory, giving it the `cvs_data_t` type:

    ```
    [root@cvs-srv]# semanage fcontext -a -t cvs_data_t '/cvs(/.*)?'
    [root@cvs-srv]# restorecon -R -v /cvs
    ```

13. The client, `cvs-client`, should now be able to log in and access all CVS resources in this repository:
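
An added example, not part of the original guide: a shell check to run after the relabel step, confirming that every path under the repository carries the `cvs_data_t` type, because the 777 mode bits alone do not give the CVS daemon access. The function names and sample contexts are constructed for illustration; on `cvs-srv` the input would come from `find /cvs -printf '%Z %p\n'` (GNU find).

```bash
#!/bin/sh
# Added example: audit SELinux labels under a CVS repository.
# Input on stdin: one "<selinux-context> <path>" pair per line, as printed by
#   find /cvs -printf '%Z %p\n'

EXPECTED_TYPE="cvs_data_t"   # type assigned by the semanage fcontext rule

# Print the type field of a context. A context is user:role:type[:level],
# and the level may contain colons itself (s0:c0.c1023), so strip the first
# two fields and cut at the next colon instead of taking the last field.
selinux_type() {
    st_rest=${1#*:}          # drop user
    st_rest=${st_rest#*:}    # drop role
    printf '%s\n' "${st_rest%%:*}"
}

# Read "<context> <path>" lines and print "<type> <path>" for every path
# whose type is not EXPECTED_TYPE. Returns 1 if any such path was seen.
mislabeled_paths() {
    mp_bad=0
    while read -r mp_ctx mp_path; do
        [ -n "$mp_ctx" ] || continue            # skip blank lines
        mp_type=$(selinux_type "$mp_ctx")
        if [ "$mp_type" != "$EXPECTED_TYPE" ]; then
            printf '%s %s\n' "$mp_type" "$mp_path"
            mp_bad=1
        fi
    done
    return "$mp_bad"
}

# Constructed sample: labels before the relabel step (mode 777, wrong type).
SAMPLE_BEFORE='unconfined_u:object_r:default_t:s0 /cvs
unconfined_u:object_r:default_t:s0 /cvs/CVSROOT'

# Constructed sample: labels after the relabel step, plus one directory that
# was moved in afterwards with mv and therefore kept its previous label.
SAMPLE_AFTER='unconfined_u:object_r:cvs_data_t:s0 /cvs
unconfined_u:object_r:cvs_data_t:s0:c0.c1023 /cvs/CVSROOT
unconfined_u:object_r:user_home_t:s0 /cvs/imported module'
```

Any path the function reports can be brought back in line with the `semanage fcontext` rule by running `restorecon -R -v /cvs` again.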