From 8ae2b5cb0c372bf8df33b20770b96115587a9dca Mon Sep 17 00:00:00 2001
From: Paul Howarth
Date: Jan 03 2008 23:56:46 +0000
Subject: Update SELinux policy to support file transition to httpd_tmp_t for temporary files
---
diff --git a/fastcgi-2.5.te b/fastcgi-2.5.te
index a9ebcdf..6ccd091 100644
--- a/fastcgi-2.5.te
+++ b/fastcgi-2.5.te
@@ -1,4 +1,4 @@
-policy_module(fastcgi, 0.2.0)
+policy_module(fastcgi, 0.2.1)
 type httpd_fastcgi_sock_t;
 files_type(httpd_fastcgi_sock_t)
@@ -10,6 +10,7 @@ require {
 type httpd_log_t;
 type httpd_sys_script_exec_t;
 type httpd_sys_content_t;
+ type httpd_tmp_t;
 };
 # ==========================================================
@@ -79,6 +80,11 @@ dontaudit httpd_fastcgi_script_t httpd_config_t:dir search;
 fs_search_auto_mountpoints(httpd_fastcgi_script_t)
+# PHP uploads a file to /tmp and then execs programs to action them
+manage_dirs_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+manage_files_pattern(httpd_fastcgi_script_t,httpd_tmp_t,httpd_tmp_t)
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
 files_search_var_lib(httpd_fastcgi_script_t)
 files_search_spool(httpd_fastcgi_script_t)
diff --git a/fastcgi.te b/fastcgi.te
index 17b8253..21ec18b 100644
--- a/fastcgi.te
+++ b/fastcgi.te
@@ -1,4 +1,4 @@
-policy_module(fastcgi, 0.1.7)
+policy_module(fastcgi, 0.1.8)
 type httpd_fastcgi_sock_t;
 files_type(httpd_fastcgi_sock_t)
@@ -10,6 +10,7 @@ require {
 type httpd_log_t;
 type httpd_sys_script_exec_t;
 type httpd_sys_content_t;
+ type httpd_tmp_t;
 };
 # ==========================================================
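Review bot: The `files_tmp_filetrans` line in the `@@ -79,6 +80,11 @@` hunk of fastcgi-2.5.te labels objects that httpd_fastcgi_script_t creates directly in the temporary directory as `httpd_fastcgi_script_rw_t`, whereas the commit subject and the two manage rules above it speak of `httpd_tmp_t`. The `@@ -69,6 +70,11 @@` hunk of fastcgi.te has the same combination. As written, the manage rules appear to cover only `httpd_tmp_t` objects that some other domain created (presumably the web server), which the comment does not say. If that split is intended, a comment such as `# objects we create in /tmp become httpd_fastcgi_script_rw_t; httpd_tmp_t access is for temp files created by another domain (confirm which)` would make it reviewable; if not, the transition target should be checked against the subject line. The transition class set also lists lnk_file, sock_file and fifo_file, which the upload comment does not account for.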
@@ -69,6 +70,11 @@ dontaudit httpd_fastcgi_script_t httpd_config_t:dir search;
 fs_search_auto_mountpoints(httpd_fastcgi_script_t)
+# PHP uploads a file to /tmp and then execs programs to action them
+allow httpd_fastcgi_script_t httpd_tmp_t:dir manage_dir_perms;
+allow httpd_fastcgi_script_t httpd_tmp_t:file manage_file_perms;
+files_tmp_filetrans(httpd_fastcgi_script_t,httpd_fastcgi_script_rw_t,{ dir file lnk_file sock_file fifo_file })
+
 files_search_var_lib(httpd_fastcgi_script_t)
 files_search_spool(httpd_fastcgi_script_t)
diff --git a/mod_fcgid.spec b/mod_fcgid.spec
index 7e1ddfe..2cdddc4 100644
--- a/mod_fcgid.spec
+++ b/mod_fcgid.spec
@@ -11,7 +11,7 @@ Name: mod_fcgid
 Version: 2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Apache2 module for high-performance server-side scripting
 Group: System Environment/Daemons
 License: GPL+
@@ -157,6 +157,10 @@ exit 0
 %endif
 %changelog
+* Thu Jan 3 2008 Paul Howarth 2.2-2
+- Update SELinux policy to support file transition to httpd_tmp_t for
+ temporary files
+
 * Fri Sep 14 2007 Paul Howarth 2.2-1
 - Update to version 2.2
 - Make sure docs are encoded as UTF-8
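Review bot: The two `allow` rules in the `@@ -69,6 +70,11 @@` hunk of fastcgi.te give httpd_fastcgi_script_t the full manage permission sets on `httpd_tmp_t` directories and files, which looks wider than the upload case in the comment needs. The pattern macros in the fastcgi-2.5.te hunk are the equivalent grant. `httpd_tmp_t` is not declared by this module (the commit pulls it in through `require`), so these rules let a FastCGI script create, rewrite and delete temporary objects belonging to whichever other domains use that type. If the scripts only need to read what was uploaded, the file rule could be narrowed, e.g. `allow httpd_fastcgi_script_t httpd_tmp_t:file read_file_perms;` where that set is defined in the targeted policy version, with the directory rule reduced to search/list. Otherwise the comment should state why write and unlink on the shared type are required.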