Add Fedora SELinux tweaks for Apache

Pulled from http://goo.gl/mP00f into this script for convenience.

Signed-off-by: Dan Scott <dscott@laurentian.ca>

diff --git a/Open-ILS/examples/apache/selinux b/Open-ILS/examples/apache/selinux
new file mode 100755 (executable)
index 0000000..16d5ed1
--- /dev/null
+++ b/Open-ILS/examples/apache/selinux
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+setsebool httpd_can_network_connect on
+
+# Mark web content as, well, web content
+chcon -R --type=httpd_sys_content_t /openils/lib/javascript
+chcon -R --type=httpd_sys_content_t /openils/var/web
+chcon -R --type=httpd_sys_content_t /openils/var/templates*
+chcon -R --type=httpd_sys_content_t /openils/var/data
+chcon -R --type=httpd_sys_content_t /openils/var/xsl
+chcon --type=httpd_sys_content_t /openils/conf/opensrf_core.xml
+chcon --type=httpd_sys_content_t /openils/conf/fm_IDL.xml 
+
+# Mark the custom Apache modules 
+chcon --user=system_u --type=httpd_modules_t /usr/lib64/httpd/modules/mod_xmlent.so 
+chcon --user=system_u --type=httpd_modules_t /usr/lib64/httpd/modules/osrf_*
+
+# Mark the dynamic libraries we need to load
+# "-h" changes the context of symlinks as well as files
+chcon -h --type=lib_t /openils/lib/*
+
+# Mark executable scripts
+chcon -t httpd_sys_script_exec_t /openils/bin/openurl_map.pl 
+chcon -t httpd_sys_script_exec_t /openils/bin/offline-blocked-list.pl 
+
+# Might not have been necessary
+chcon -R --user=system_u /usr/local/share/perl5/
+chcon --user=system_u /etc/httpd/conf.d/eg.conf 
+chcon --user=system_u /etc/httpd/startup.pl 
+chcon --user=system_u /etc/httpd/eg_vhost.conf 
+chcon -R --user=system_u /etc/httpd/ssl/