Score:1

Permission denied for gitweb.cgi on CentOS

I've set up gitweb on my web server. I have created projects on the server. I can add commits to them and also clone them remotely.

The gitweb "homepage" does display and the static files like css, logo, favicon are loaded when I visit my git.website.

The issue is that I only see the message: No such projects found. Every time I refresh the webpage I see the following in my /var/log/httpd/error_log:

[Wed Aug 04 00:39:32.321352 2021] [cgid:error] [pid 44346:tid 140132795492096] [client MY_HOME_IP:37700] fatal: mmap failed: Permission denied: /var/www/git/gitweb.cgi, referer: https://git.mydomain.abc/

I've confirmed httpd is running as the apache user and have the ownership of /var/www set to apache as well. The permissions are properly set up as well I believe:

[root@git ~]# ps auxw | grep httpd
root       44780  0.2  1.6 281804 13828 ?        Ss   00:48   0:00 /usr/sbin/httpd -DFOREGROUND
apache     44782  0.0  1.0 295684  8876 ?        S    00:48   0:00 /usr/sbin/httpd -DFOREGROUND
apache     44783  0.0  1.7 1484604 14712 ?       Sl   00:48   0:00 /usr/sbin/httpd -DFOREGROUND
apache     44784  0.0  2.2 1353476 18956 ?       Sl   00:48   0:00 /usr/sbin/httpd -DFOREGROUND
apache     44785  0.0  2.0 1353476 16760 ?       Sl   00:48   0:00 /usr/sbin/httpd -DFOREGROUND
apache     45019  0.0  1.7 1353476 14708 ?       Sl   00:48   0:00 /usr/sbin/httpd -DFOREGROUND
root       45141  0.0  0.1 221928  1140 pts/0    S+   00:48   0:00 grep --color=auto httpd
[root@git ~]# ls -ld /var/ /var/www/ /var/www/git/ ; ls -lZ /var/www/git/gitweb.cgi 
drwxr-xr-x. 21 root   root   4096 Aug  2 18:16 /var/
drwxr-xr-x.  5 apache apache   44 Aug  2 18:23 /var/www/
drwxr-xr-x.  8 apache apache  179 Aug  4 00:18 /var/www/git/
-rwxr-xr-x. 1 apache apache system_u:object_r:git_script_exec_t:s0 253816 Jul 20  2020 /var/www/git/gitweb.cgi
[root@git ~]# 

/etc/gitweb.conf

$projectroot = '/var/www/git/';
$git_temp = "/tmp";
$stylesheet = "static/gitweb.css";
$logo = "static/git-logo.png";
$favicon = "static/git-favicon.png";

/etc/httpd/conf.d/gitweb-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName git.mydomain.abc 
    DocumentRoot /var/www/git
    <Directory /var/www/git>
        SetEnv  GITWEB_CONFIG  /etc/gitweb.conf
        Options +ExecCGI +FollowSymLinks +SymLinksIfOwnerMatch
        AllowOverride All
        order allow,deny
        Allow from all
        AddHandler cgi-script .cgi
        DirectoryIndex gitweb.cgi
    </Directory>
    <Files gitweb.cgi>
        SetHandler cgi-script
    </Files>
SSLCertificateFile /etc/letsencrypt/live/git.mydomain.abc/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.mydomain.abc/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

If anybody sees what I've done wrong I'd very much appreciate some guidance. Thanks!

EDIT1: And here is the audit.log

type=SYSCALL msg=audit(1628072069.412:134): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=b9 a2=1 a3=2 items=0 ppid=2911 pid=2917 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="git" exe="/usr/bin/git" subj=system_u:system_r:git_script_t:s0 key=(null)ARCH=x86_64 SYSCALL=mmap AUID="unset" UID="apache" GID="apache" EUID="apache" SUID="apache" FSUID="apache" EGID="apache" SGID="apache" FSGID="apache"
type=PROCTITLE msg=audit(1628072069.412:134): proctitle=2F7573722F62696E2F676974002D2D6769742D6469723D2F7661722F7777772F6769742F2F796F75747562652D646C2D62617463682E67697400666F722D656163682D726566002D2D666F726D61743D2528636F6D6D697474657229002D2D736F72743D2D636F6D6D697474657264617465002D2D636F756E743D3100726566
type=AVC msg=audit(1628072069.433:135): avc:  denied  { map } for  pid=2919 comm="git" path="/var/www/git/myrepo01.git/objects/1c/1c5ca1a07da5187a696cd1661d6b2a734ad98c" dev="vda1" ino=36639 scontext=system_u:system_r:git_script_t:s0 tcontext=unconfined_u:object_r:git_content_t:s0 tclass=file permissive=0

EDIT2: The issue boils down to SELinux, which I am not an expert in. After changing the mode to Permissive I can now see all my repos. However, I have to figure out how to make it work with Enforced mode.

Michael Hampton
Check the audit log.
carlitobrigante
Hi Michael, I did check the audit log and it again points to a "denied" message. From what I can see the permissions are there, but when trying to access my git repos it fails. I added it to the main post.
carlitobrigante
It seems to be SELinux preventing it, but I am still trying to figure out what options exactly I have to amend to allow the cgi script to be executed.
Score:0

OK, so something I didn't know about were the audit2why and audit2allow commands. After narrowing down the issues as per EDIT2 to SELinux, and passing the log over to audit2why it updated me that:

The boolean domain_can_mmap_files was set incorrectly.

and I have to:

Allow access by executing:
# setsebool -P domain_can_mmap_files 1

Ref: https://forums.centos.org/viewtopic.php?t=71917

This has now been resolved. Thanks
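An added example, not part of the original answer: the boolean domain_can_mmap_files applies to every confined domain, while the denial in the audit log involves only git_script_t mapping git_content_t files. The Python below parses the AVC and PROCTITLE records from EDIT1 to show that narrow source/target pair as a type-enforcement rule and to recover the git command line from the hex proctitle; the function names are this example's own.

```python
import re

# Records copied from the audit.log excerpt in the question (EDIT1).
AVC = ('type=AVC msg=audit(1628072069.433:135): avc:  denied  { map } for  pid=2919 '
       'comm="git" path="/var/www/git/myrepo01.git/objects/1c/'
       '1c5ca1a07da5187a696cd1661d6b2a734ad98c" dev="vda1" ino=36639 '
       'scontext=system_u:system_r:git_script_t:s0 '
       'tcontext=unconfined_u:object_r:git_content_t:s0 tclass=file permissive=0')
# PROCTITLE value from the same excerpt, split here after each NUL (00) byte.
PROCTITLE_HEX = (
    "2F7573722F62696E2F67697400"
    "2D2D6769742D6469723D2F7661722F7777772F6769742F2F"
    "796F75747562652D646C2D62617463682E67697400"
    "666F722D656163682D72656600"
    "2D2D666F726D61743D2528636F6D6D69747465722900"
    "2D2D736F72743D2D636F6D6D69747465726461746500"
    "2D2D636F756E743D3100"
    "726566")

def parse_avc(line):
    """Pull permissions, source/target types and object class out of an AVC denial."""
    m = re.search(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}', line)
    if not m:
        raise ValueError("not an AVC denial record")
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    sel_type = lambda ctx: ctx.split(":")[2]  # context is user:role:type:level
    return {
        "perms": m.group(1).split(),
        "source": sel_type(fields["scontext"]),
        "target": sel_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "path": fields.get("path", "").strip('"'),
        "enforced": fields.get("permissive") == "0",
    }

def te_rule(d):
    """Render the denial as the single allow rule that would cover exactly it."""
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f'allow {d["source"]} {d["target"]}:{d["tclass"]} {perms};'

def decode_proctitle(hex_str):
    """PROCTITLE is argv as hex with NUL separators; auditd may cut it short."""
    return bytes.fromhex(hex_str).decode("utf-8", "replace").split("\x00")

if __name__ == "__main__":
    print(te_rule(parse_avc(AVC)))
    print(" ".join(decode_proctitle(PROCTITLE_HEX)))
```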
