rpms/mod_fcgid/F-8 fastcgi-2.5.te, 1.2, 1.3 fastcgi.fc, 1.1, 1.2 fastcgi.te, 1.3, 1.4 fcgid.conf, 1.2, 1.3 mod_fcgid.spec, 1.9, 1.10

Paul Howarth (pghmcfc) fedora-extras-commits at redhat.com
Mon Jan 14 12:01:14 UTC 2008


Author: pghmcfc

Update of /cvs/pkgs/rpms/mod_fcgid/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5811

Modified Files:
	fastcgi-2.5.te fastcgi.fc fastcgi.te fcgid.conf mod_fcgid.spec 
Log Message:
Update SELinux policy to fix occasional failures on restarts
(move shared memory file into /var/run/mod_fcgid directory)



Index: fastcgi-2.5.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/F-8/fastcgi-2.5.te,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fastcgi-2.5.te	3 Jan 2008 20:21:07 -0000	1.2
+++ fastcgi-2.5.te	14 Jan 2008 12:00:39 -0000	1.3
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.2.1)
+policy_module(fastcgi, 0.2.2)
 
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
 
 require {
 	type devpts_t;
@@ -53,9 +53,10 @@
 # Allow FastCGI applications to read the routing table
 allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
 
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-manage_sock_files_pattern(httpd_t,httpd_fastcgi_sock_t,httpd_fastcgi_sock_t)
-allow httpd_t httpd_fastcgi_sock_t:dir { setattr };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+manage_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+manage_sock_files_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
+setattr_dirs_pattern(httpd_t,httpd_fastcgi_var_run_t,httpd_fastcgi_var_run_t)
 
 # Allow httpd to read httpd_fastcgi_content_t
 allow httpd_t httpd_fastcgi_content_t:dir list_dir_perms;
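Review bot: The added `manage_files_pattern` line gives httpd_t full management of regular files labelled httpd_fastcgi_var_run_t, but the comment above it does not say which file needs that. Going by the log message it is the shared memory file that now sits next to the sockets, so the comment could name it, e.g. `# Allow httpd to manage the mod_fcgid sockets and shared memory file in /var/run/mod_fcgid`. Sockets and the shared memory file now share one type, so any later rule written against httpd_fastcgi_var_run_t covers both. That is worth checking before a script domain is ever granted access to it. The same point applies to the `:file { create_file_perms }` line added in fastcgi.te.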
@@ -66,11 +67,9 @@
 # sockets and respond to them
 allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
 
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
 dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
 
 # ======================================================
 # Equivalent policy cribbed from httpd_sys_script_t
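Review bot: The merged comment `# These are probably leaked file descriptors` leaves the reason for both dontaudit rules as a guess, and a dontaudit rule only hides the denial; it does not close the descriptor. If the descriptors really are inherited from httpd, the lasting fix is close-on-exec on the httpd/mod_fcgid side, and the comment should say what was observed, e.g. `# Descriptors inherited from httpd (pty, error log); silence the ioctl denials only`. Silencing these AVCs also removes them as a signal should a FastCGI script ever probe the error log on purpose, so it helps to record that only ioctl is suppressed. The same hunk appears in fastcgi.te.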


Index: fastcgi.fc
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/F-8/fastcgi.fc,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fastcgi.fc	6 Sep 2006 13:08:59 -0000	1.1
+++ fastcgi.fc	14 Jan 2008 12:00:39 -0000	1.2
@@ -1 +1 @@
-/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_sock_t,s0)
+/var/run/mod_fcgid(/.*)?		 gen_context(system_u:object_r:httpd_fastcgi_var_run_t,s0)


Index: fastcgi.te
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/F-8/fastcgi.te,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- fastcgi.te	3 Jan 2008 20:21:07 -0000	1.3
+++ fastcgi.te	14 Jan 2008 12:00:39 -0000	1.4
@@ -1,7 +1,7 @@
-policy_module(fastcgi, 0.1.8)
+policy_module(fastcgi, 0.1.9)
 
-type httpd_fastcgi_sock_t;
-files_type(httpd_fastcgi_sock_t)
+type httpd_fastcgi_var_run_t;
+files_type(httpd_fastcgi_var_run_t)
 
 require {
 	type devpts_t;
@@ -42,9 +42,10 @@
 # Allow FastCGI applications to read the routing table
 allow httpd_fastcgi_script_t self:netlink_route_socket { r_netlink_socket_perms };
 
-# Allow httpd to create and use sockets for communicating with mod_fcgid
-allow httpd_t httpd_fastcgi_sock_t:dir { rw_dir_perms setattr };
-allow httpd_t httpd_fastcgi_sock_t:sock_file { create_file_perms };
+# Allow httpd to create and use files and sockets for communicating with mod_fcgid
+allow httpd_t httpd_fastcgi_var_run_t:dir { rw_dir_perms setattr };
+allow httpd_t httpd_fastcgi_var_run_t:file { create_file_perms };
+allow httpd_t httpd_fastcgi_var_run_t:sock_file { create_file_perms };
 
 # Allow httpd to read httpd_fastcgi_content_t
 # (shouldn't this be in the content template?)
@@ -56,11 +57,9 @@
 # sockets and respond to them
 allow httpd_fastcgi_script_t httpd_t:unix_stream_socket { rw_stream_socket_perms };
 
-# FastCGI application doing something to the httpd error log
-dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
-
-# Not sure what this is doing (happens when fastcgi scripts start)
+# These are probably leaked file descriptors
 dontaudit httpd_t devpts_t:chr_file ioctl;
+dontaudit httpd_fastcgi_script_t httpd_log_t:file ioctl;
 
 # ======================================================
 # Equivalent policy cribbed from httpd_sys_script_t


Index: fcgid.conf
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/F-8/fcgid.conf,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fcgid.conf	16 Feb 2007 14:20:03 -0000	1.2
+++ fcgid.conf	14 Jan 2008 12:00:39 -0000	1.3
@@ -13,4 +13,4 @@
 
 # Sane place to put sockets and shared memory file
 SocketPath run/mod_fcgid
-SharememPath run/fcgid_shm
+SharememPath run/mod_fcgid/fcgid_shm
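Review bot: The new `SharememPath` value only works with the policy because it resolves under /var/run/mod_fcgid, which is the path fastcgi.fc labels, but nothing in the file says so. An administrator who moves either path elsewhere will get files without the httpd_fastcgi_var_run_t label and, presumably, the same restart failures this commit fixes. I would extend the comment above the two directives, e.g. `# Keep both under run/mod_fcgid: the SELinux policy only labels /var/run/mod_fcgid`. This assumes `run` under ServerRoot points at /var/run, which the page does not show.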


Index: mod_fcgid.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mod_fcgid/F-8/mod_fcgid.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- mod_fcgid.spec	3 Jan 2008 20:21:07 -0000	1.9
+++ mod_fcgid.spec	14 Jan 2008 12:00:39 -0000	1.10
@@ -11,7 +11,7 @@
 
 Name:		mod_fcgid
 Version:	2.2
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	Apache2 module for high-performance server-side scripting 
 Group:		System Environment/Daemons
 License:	GPL+
@@ -125,7 +125,7 @@
 		%{_datadir}/selinux/${selinuxvariant}/fastcgi.pp &> /dev/null || :
 done
 # Fix up non-standard directory context
-/sbin/restorecon %{_localstatedir}/run/mod_fcgid || :
+/sbin/restorecon -R %{_localstatedir}/run/mod_fcgid || :
 
 %postun selinux
 # Clean up after package removal
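Review bot: The comment `# Fix up non-standard directory context` no longer matches the command, since `-R` now relabels the sockets and shared memory file inside the directory as well. Because this release renames the type, files left with the old label would stop matching the httpd_t rules, so the recursive relabel is load-bearing and the comment should say so, e.g. `# Relabel the directory and its existing contents after the type rename`. The trailing `|| :` discards a failed relabel, as the `&> /dev/null || :` before it does for the module load, so a broken upgrade would only show up later as httpd denials. The scriptlet starts outside this hunk, so the module-load loop is only partly visible here.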
@@ -157,6 +157,10 @@
 %endif
 
 %changelog
+* Mon Jan 14 2008 Paul Howarth <paul at city-fan.org> 2.2-3
+- Update SELinux policy to fix occasional failures on restarts
+  (move shared memory file into /var/run/mod_fcgid directory)
+
 * Thu Jan  3 2008 Paul Howarth <paul at city-fan.org> 2.2-2
 - Update SELinux policy to support file transition to httpd_tmp_t for
   temporary files



