Layer: services

Module: git

Tunables Interfaces

Description:

A really simple TCP git daemon that normally listens on port DEFAULT_GIT_PORT aka 9418. It waits for a connection asking for a service, and will serve that service if it is enabled.

It verifies that the directory has the magic file git-daemon-export-ok, and it will refuse to export any git directory that has not explicitly been marked for export this way (unless the --export-all parameter is specified). If you pass some directory paths as git-daemon arguments, you can further restrict the offers to a whitelist comprising of those.

By default, only upload-pack service is enabled, which serves git-fetch-pack and git-ls-remote clients, which are invoked from git-fetch, git-pull, and git-clone.

This is ideally suited for read-only updates, i.e., pulling from git repositories.

An upload-archive also exists to serve git-archive.


Tunables:

git_session_bind_all_unreserved_ports
Default value

false

Description

Allow Git daemon session to bind tcp sockets to all unreserved ports.

git_system_enable_homedirs
Default value

false

Description

Allow Git daemon system to search home directories.

git_system_use_cifs
Default value

false

Description

Allow Git daemon system to access cifs file systems.

git_system_use_nfs
Default value

false

Description

Allow Git daemon system to access nfs file systems.

Return

Interfaces:

git_execute_data_files( domain )
Summary

Allow the specified domain to execute Git daemon data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_manage_data_content( domain )
Summary

Allow the specified domain to manage Git daemon data content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_manage_home_content( domain )
Summary

Allow the specified domain to manage Git daemon home content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_read_data_content( domain )
Summary

Allow the specified domain to read Git daemon data content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_read_home_content( domain )
Summary

Allow the specified domain to read Git daemon home content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_relabel_data_content( domain )
Summary

Allow the specified domain to relabel Git daemon data content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_relabel_home_content( domain )
Summary

Allow the specified domain to relabel Git daemon home content.

Parameters
Parameter:Description:
domain

Domain allowed access.

git_session_role( role , domain )
Summary

Role access for Git daemon session.

Parameters
Parameter:Description:
role

Role allowed access.

domain

User domain for the role.

git_system_admin( userdomain_prefix , domain , role )
Summary

All of the rules required to administrate an Git daemon system environment

Parameters
Parameter:Description:
userdomain_prefix

Prefix of the domain. Example, user would be the prefix for the user_t domain.

domain

Domain allowed access.

role

The role to be allowed to manage the Git daemon domain.

Return