search for: httpd_git_

...gitweb.cgi to query sssd to display who owns the repositories. The audit log entries are pretty straightforward, e.g., type=AVC msg=audit(XXXXXXXXXXXX): avc: denied { search } for pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX scontext=unconfined_u:system_r:httpd_git_script_t:s0 tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir I'll use audit2allow to build a custom policy if need be, but what I'd really like to hear is that there's an SELinux boolean that can be tweaked or a file context that can be altered to make things work as expected...