rpms/mod_fcgid
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Don't use /etc/httpd/run as basis of "run" directory as its DAC permissions

Browse Source 
are not permissive enough in F-11 onwards; instead, revert to
    /var/run/mod_fcgid and tweak default config accordingly (#502273)
This commit is contained in:
Paul Howarth 2009-05-26 15:52:47 +00:00
parent 7847f60cb2
commit 40c4f35dec
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fcgid.conf
View File

@ -12,5 +12,5 @@ LoadModule fcgid_module modules/mod_fcgid.so
</IfModule> </IfModule>
# Sane place to put sockets and shared memory file # Sane place to put sockets and shared memory file
SocketPath run/mod_fcgid SocketPath /var/run/mod_fcgid
SharememPath run/mod_fcgid/fcgid_shm SharememPath /var/run/mod_fcgid/fcgid_shm

14
mod_fcgid.spec
View File

@ -14,12 +14,9 @@
%global selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink %global selinux_buildreqs checkpolicy, selinux-policy-devel, hardlink
%endif %endif
# /etc/httpd/run is a symlink to /var/run prior to Fedora 11, to /var/run/httpd thereafter
%global rundir %(/usr/bin/readlink /etc/httpd/run | %{__sed} -e 's|^\.\./\.\.||')
Name: mod_fcgid Name: mod_fcgid
Version: 2.2 Version: 2.2
Release: 11%{?dist} Release: 12%{?dist}
Summary: Apache2 module for high-performance server-side scripting Summary: Apache2 module for high-performance server-side scripting
Group: System Environment/Daemons Group: System Environment/Daemons
License: GPL+ License: GPL+
@ -120,7 +117,7 @@ topdir=$(/usr/bin/dirname $(/usr/sbin/apxs -q exp_installbuilddir))
MKINSTALLDIRS="%{__mkdir_p}" \ MKINSTALLDIRS="%{__mkdir_p}" \
install install
%{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf %{__install} -D -m 644 fcgid.conf %{buildroot}%{_sysconfdir}/httpd/conf.d/fcgid.conf
%{__install} -d -m 755 %{buildroot}%{rundir}/mod_fcgid %{__install} -d -m 755 %{buildroot}%{_localstatedir}/run/mod_fcgid
# Install SELinux policy modules # Install SELinux policy modules
%if %{selinux_module} %if %{selinux_module}
@ -168,7 +165,7 @@ exit 0
%doc README.RPM %doc README.RPM
%{_libdir}/httpd/modules/mod_fcgid.so %{_libdir}/httpd/modules/mod_fcgid.so
%config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/fcgid.conf
%dir %attr(0755,apache,apache) %{rundir}/mod_fcgid/ %dir %attr(0755,apache,apache) %{_localstatedir}/run/mod_fcgid/
%if %{selinux_module} %if %{selinux_module}
%files selinux %files selinux
@ -178,6 +175,11 @@ exit 0
%endif %endif
%changelog %changelog
* Tue May 26 2009 Paul Howarth <paul@city-fan.org> 2.2-12
- Don't use /etc/httpd/run as basis of "run" directory as its DAC permissions
are not permissive enough in F-11 onwards; instead, revert to
/var/run/mod_fcgid and tweak default config accordingly (#502273)
* Sun May 17 2009 Paul Howarth <paul@city-fan.org> 2.2-11 * Sun May 17 2009 Paul Howarth <paul@city-fan.org> 2.2-11
- Follow link /etc/httpd/run and make our "run" directory a subdir of wherever - Follow link /etc/httpd/run and make our "run" directory a subdir of wherever
that leads (#501123) that leads (#501123)