rpms/mod_fcgid/devel mod_fcgid.spec, 1.1, 1.2 README.Fedora, 1.1, 1.2 README.SELinux, 1.1, 1.2

[Paul Howarth (pghmcfc)]

Author: pghmcfc

Update of /cvs/extras/rpms/mod_fcgid/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26475

Modified Files:
	mod_fcgid.spec README.Fedora README.SELinux 
Log Message:
Include the right README* files (pesky common filenames...)



Index: mod_fcgid.spec
===================================================================
RCS file: /cvs/extras/rpms/mod_fcgid/devel/mod_fcgid.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- mod_fcgid.spec	6 Sep 2006 13:08:59 -0000	1.1
+++ mod_fcgid.spec	6 Sep 2006 13:47:08 -0000	1.2
@@ -11,7 +11,7 @@
 
 Name:           mod_fcgid
 Version:        1.10
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        Apache2 module for high-performance server-side scripting 
 Group:          System Environment/Daemons
 License:        GPL
@@ -144,6 +144,9 @@
 %endif
 
 %changelog
+* Wed Sep  6 2006 Paul Howarth <paul at city-fan.org> 1.10-7
+- Include the right README* files
+
 * Tue Aug 29 2006 Paul Howarth <paul at city-fan.org> 1.10-6
 - Buildreqs for FC5 now identical to buildreqs for FC6 onwards
 


Index: README.Fedora
===================================================================
RCS file: /cvs/extras/rpms/mod_fcgid/devel/README.Fedora,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.Fedora	6 Sep 2006 13:08:59 -0000	1.1
+++ README.Fedora	6 Sep 2006 13:47:08 -0000	1.2
@@ -65,65 +65,3 @@
    service httpd restart
 
 That should do it!
-
-mod_fcgid with SELinux
-======================
-
-Versions of this package built for Fedora Core 5 or later include an SELinux
-policy module to support FastCGI applications. Again, this has only been tested
-with moin, so feedback from other applications is welcome. The intention is for
-this module to be included in the SELinux reference policy eventually.
-
-The module source (fastcgi.{fc,te}) is included for reference as documentation
-in the package.
-
-The module introduces a new set of SELinux types for FastCGI applications,
-comparable with the types described in "man httpd_selinux" for regular CGI
-scripts (or "system scripts" as they are known in SELinux):
-
- * httpd_fastcgi_content_t (equivalent to httpd_sys_content_t)
- - Set files with httpd_fastcgi_content_t for content that is available
-   from all FastCGI scripts and the daemon.
-
- * httpd_fastcgi_script_exec_t (equivalent to httpd_sys_script_exec_t)
- - Set FastCGI scripts with httpd_fastcgi_script_exec_t to allow them to run
-   with access to all fastcgi types.
-
- * httpd_fastcgi_script_ro_t (equivalent to httpd_sys_script_ro_t)
- - Set files with httpd_fastcgi_script_ro_t if you want
-   httpd_fastcgi_script_exec_t scripts to read the data, and disallow other
-   non-fastcgi scripts from access.
-
- * httpd_fastcgi_script_rw_t (equivalent to httpd_sys_script_rw_t)
- - Set files with httpd_fastcgi_script_rw_t if you want
-   httpd_fastcgi_script_exec_t scripts to read/write the data, and disallow
-   other non-fastcgi scripts from access.
-
- * httpd_fastcgi_script_ra_t (equivalent to httpd_sys_script_ra_t)
- - Set files with httpd_fastcgi_script_ra_t if you want
-   httpd_fastcgi_script_exec_t scripts to read/append to the file, and
-   disallow other non-fastcgi scripts from access.
-
-So for the moin wiki layout described above, the contexts would be set as
-follows:
-
-    cd /var/www/mywiki
-    chcon -t httpd_fastcgi_content_t .
-    chcon -R -t httpd_fastcgi_script_exec_t cgi-bin
-    chcon -R -t httpd_fastcgi_script_rw_t data underlay
-
-It is necessary to turn on the httpd_enable_cgi boolean to run either regular
-or FastCGI scripts:
-
-    setsebool -P httpd_enable_cgi 1
-
-If the httpd_unified boolean is set, "sys" and "fastcgi" scripts can access
-each other's data. This means that you only need to set the actual FastCGI
-scripts themselves to httpd_fastcgi_script_exec_t and can leave the file
-contexts for everything else set to the "sys" types if you prefer. This is
-useful if you have a mixture of CGI and FastCGI applications accessing the
-same data.
-
-If you have any questions or issues regarding FastCGI and SELinux, please don't
-hesitate to bring them up on fedora-selinux-list.
-


Index: README.SELinux
===================================================================
RCS file: /cvs/extras/rpms/mod_fcgid/devel/README.SELinux,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- README.SELinux	6 Sep 2006 13:08:59 -0000	1.1
+++ README.SELinux	6 Sep 2006 13:47:08 -0000	1.2
@@ -1,48 +1,61 @@
-CONFIGURING SELINUX FOR CONTAGGED
-=================================
+Using mod_fcgid with SELinux in Fedora Core 5 onwards
+=====================================================
 
-The contagged RPM package for Fedora Core 5 and later includes a policy module
-that ensures that all files required by the application get the correct
-SELinux file contexts.
+Versions of this package built for Fedora Core 5 or later include an SELinux
+policy module to support FastCGI applications. This has only been tested so far
+with moin, so feedback from other applications is welcome. The intention is for
+this module to be included in the SELinux reference policy eventually.
+
+The module source (fastcgi.{fc,te}) is included for reference as documentation
+in the package.
+
+The module introduces a new set of SELinux types for FastCGI applications,
+comparable with the types described in "man httpd_selinux" for regular CGI
+scripts (or "system scripts" as they are known in SELinux):
+
+ * httpd_fastcgi_content_t (equivalent to httpd_sys_content_t)
+ - Set files with httpd_fastcgi_content_t for content that is available
+   from all FastCGI scripts and the daemon.
+
+ * httpd_fastcgi_script_exec_t (equivalent to httpd_sys_script_exec_t)
+ - Set FastCGI scripts with httpd_fastcgi_script_exec_t to allow them to run
+   with access to all fastcgi types.
+
+ * httpd_fastcgi_script_ro_t (equivalent to httpd_sys_script_ro_t)
+ - Set files with httpd_fastcgi_script_ro_t if you want
+   httpd_fastcgi_script_exec_t scripts to read the data, and disallow other
+   non-fastcgi scripts from access.
+
+ * httpd_fastcgi_script_rw_t (equivalent to httpd_sys_script_rw_t)
+ - Set files with httpd_fastcgi_script_rw_t if you want
+   httpd_fastcgi_script_exec_t scripts to read/write the data, and disallow
+   other non-fastcgi scripts from access.
+
+ * httpd_fastcgi_script_ra_t (equivalent to httpd_sys_script_ra_t)
+ - Set files with httpd_fastcgi_script_ra_t if you want
+   httpd_fastcgi_script_exec_t scripts to read/append to the file, and
+   disallow other non-fastcgi scripts from access.
+
+So for the moin wiki layout described in README.Fedora of the main mod_fcgid
+package, the contexts would be set as follows:
+
+    cd /var/www/mywiki
+    chcon -t httpd_fastcgi_content_t .
+    chcon -R -t httpd_fastcgi_script_exec_t cgi-bin
+    chcon -R -t httpd_fastcgi_script_rw_t data underlay
+
+It is necessary to turn on the httpd_enable_cgi boolean to run either regular
+or FastCGI scripts:
+
+    setsebool -P httpd_enable_cgi 1
+
+If the httpd_unified boolean is set, "sys" and "fastcgi" scripts can access
+each other's data. This means that you only need to set the actual FastCGI
+scripts themselves to httpd_fastcgi_script_exec_t and can leave the file
+contexts for everything else set to the "sys" types if you prefer. This is
+useful if you have a mixture of CGI and FastCGI applications accessing the
+same data.
 
-However, there are a few SELinux booleans you need to set in order to use
-contagged:
-
-# setsebool -P httpd_builtin_scripting 1
-# setsebool -P httpd_enable_cgi 1
-# setsebool -P httpd_unified 1
-
-It is necessary to set these booleans because contagged is a PHP application.
-It is not necessary to set the httpd_can_network_connect boolean because the
-web server is allowed to connect to LDAP servers by default.
-
-If you are using an older distribution that does not support SELinux policy
-modules, you will need to set the file contexts manually:
-
-# chcon -R -t httpd_cache_t /var/cache/contagged
-
-You will need to repeat this step if the filesystem is relabelled.
-
-Once the configuration is set up as required, restart httpd:
-
-# service httpd restart
-
-ABOUT THE PACKAGE
-=================
-
-One of the reasons for building this package was to provide an example of how
-to include a custom SELinux policy module with an RPM package. It's unfortunate
-that the kludge of having to use restorecon in the post-install script is
-required but updates to rpm will be necessary before that can be avoided - see:
-http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00098.html
-
-An alternative approach (instead of using a loadable policy module) that some
-people have taken, particularly where the only required policy customisation is
-for file contexts, is to use semanage to add additional fcontext objects to the
-running policy. A significant disadvantage of this approach is that it's harder
-to manage future changes to policy, since all later versions of a package must
-be able to "undo" the policy fixes (e.g. remove fcontext objects) set up by all
-earlier versions of the package if there are changes to policy in later
-versions. Using policy modules makes this very easy, since semodule handles the
-upgrades very neatly (modules have version numbers).
+If you have any questions or issues regarding FastCGI and SELinux, please don't
+hesitate to bring them up on fedora-selinux-list.