svn: Can’t open file ‘/var/www/svn/repo/db/txn-current-lock’: Permission denied

by

On Fedora os, I have problem to access SVN Repo and commit via HTTP.

Here is my config file

/etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

<Location /svn>
   DAV svn
   SVNParentPath /var/www/svn
   SVNListParentPath On   
   SVNPathAuthz Off
   AuthType Basic
   AuthName "myRepos"
   AuthUserFile /etc/svn-pass
   AuthzSVNAccessFile /etc/svn-authz   
   Require valid-user
</Location>

Error:

Share project was failed.
svn: Can’t open file ‘/var/www/svn/repo/db/txn-current-lock’: Permission deniedsvn: MKACTIVITY of
‘/svn/repo/!svn/act/4b515a33-4801-0010-8d84-bddd16ee6e1b’: 500
Internal Server Error (http://example.com:8080)

And here is the directory :

./repo/db: total 56K drwxr-sr-x. 6 apache apache 4.0K Sep  1 01:03 ./ drwxr-xr-x. 6 apache apache 4.0K Aug 30 23:20 ../
-rw-r--r--. 1 apache apache    2 Sep  1 01:03 current
-r--r--r--. 1 apache apache   22 Aug 30 23:20 format
-rw-r--r--. 1 apache apache 2.0K Aug 30 23:20 fsfs.conf
-rw-r--r--. 1 apache apache    5 Aug 30 23:20 fs-type
-rw-r--r--. 1 apache apache    2 Aug 30 23:20 min-unpacked-rev
-rw-r--r--. 1 apache apache 4.0K Aug 30 23:24 rep-cache.db drwxr-sr-x. 3 apache apache 4.0K Aug 30 23:20 revprops/ drwxr-sr-x. 3 apache apache 4.0K Aug 30 23:20 revs/ drwxr-sr-x. 2 apache apache 4.0K Sep  1 01:03 transactions/
-rw-r--r--. 1 apache apache    2 Sep  1 01:03 txn-current
-rw-r--r--. 1 apache apache    0 Aug 30 23:20 txn-current-lock drwxr-sr-x. 2 apache apache 4.0K Sep  1 01:03 txn-protorevs/
-rw-r--r--. 1 apache apache   37 Aug 30 23:20 uuid
-rw-r--r--. 1 apache apache    0 Aug 30 23:20 write-lock

and

./repo/db: drwxr-sr-x. apache apache
unconfined_u:object_r:httpd_sys_content_t:s0 ./ drwxr-xr-x. apache
apache unconfined_u:object_r:httpd_sys_content_t:s0 ../
-rw-r–r–. apache apache system_u:object_r:httpd_sys_content_t:s0 current
-r–r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 format
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 fsfs.conf
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 fs-type
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 min-unpacked-rev
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 rep-cache.db drwxr-sr-x. apache apache
unconfined_u:object_r:httpd_sys_content_t:s0 revprops/ drwxr-sr-x.
apache apache unconfined_u:object_r:httpd_sys_content_t:s0 revs/
drwxr-sr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0
transactions/
-rw-r–r–. apache apache system_u:object_r:httpd_sys_content_t:s0 txn-current
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 txn-current-lock drwxr-sr-x. apache apache
unconfined_u:object_r:httpd_sys_content_t:s0 txn-protorevs/
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 uuid
-rw-r–r–. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 write-lock

Answer

SELinux problem again

It’s permission problem. But not “classic” read/write permissions of apache user, but selinux one.

Apache cannot write to files labeled as httpd_sys_content_t they can be only read by apache.

You have 2 possibilities:

label svn repository files as httpd_sys_content_rw_t:

   1- chcon -R -t httpd_sys_content_rw_t /path/to/your/svn/repo

set selinux boolean httpd_unified –> on

  2 - setsebool -P httpd_unified=1

Prefered 2nd possibility.

Attribution
Source : Link , Question Author : Emax , Answer Author : Emax

Leave a Comment