update SELinux README

The documentation for SELinux has grown a little stale.  Refresh it and
convert it to markdown syntax¹.

Remove outdated data about the graphical system-config-selinux tool.

Mention that restorecon might be needed to update /var/lib/git.

Use the semanage equality option (-e) to simplify the command used to
add an alternate location for git repositories.

¹ The main reason to convert to markdown is to avoid pagure displaying
  it as one large blob.

3 files changed, 34 insertions, 23 deletions

diff --git a/README-SELinux.md b/README-SELinux.md
new file mode 100644
index 0000000..32ce880
--- /dev/null
+++ b/README-SELinux.md
@@ -0,0 +1,29 @@
+If your system has SELinux enabled, you must enable the `httpd_enable_cgi`
+boolean:
+
+    # setsebool -P httpd_enable_cgi 1
+
+Additionally, the git repositories need to be accessible to cgit.  This is
+handled automatically for repositories in the default path, `/var/lib/git`.
+
+If you have created `/var/lib/git` manually or have existing content in that
+directory, you may need to run `restorecon` to reset the SELinux context:
+
+    # restorecon -RF /var/lib/git
+
+If your repositories are in a different path, `/srv/git`, for example, you can
+set the proper context using `semanage`:
+
+    # semanage fcontext -a -e /var/lib/git /srv/git
+
+This sets the context of `/srv/git` equal to the default context of
+`/var/lib/git`.
+
+If you have other confined daemons that need to access the git repositories,
+you may want to use `public_content_t` or `public_content_rw_t` instead:
+
+    # semanage fcontext -a -t public_content_t "/srv/git(/.*)?"
+
+Then use `restorecon` to update the contexts:
+
+    # restorecon -RF /srv/git
diff --git a/README.SELinux b/README.SELinux
deleted file mode 100644
index 3af6c5a..0000000
--- a/README.SELinux
+++ /dev/null
@@ -1,21 +0,0 @@
-If you use SELinux, you need to ensure that the httpd_enable_cgi boolean is
-set properly.  This can be done via the command line, e.g.:
-
-   # setsebool -P httpd_enable_cgi 1
-
-Or you can use the graphical tool system-config-selinux, via System ->
-Administration -> SELinux Management on the Gnome menu.
-
-Additionally, the git repositories need to be readable by the cgi.  This is
-handled automatically for repositories in the default path, /var/lib/git.  If
-your repositories are in a different path, /srv/git, for example, you can set
-the proper context using semanage:
-
-    # semanage fcontext -a -t git_sys_content_t "/srv/git(/.*)?"
-
-If you have other confined daemons that need to access the git repositories,
-you may want to use public_content_t, or public_content_rw_t instead.
-
-Then use restorecon to update the contexts:
-
-    # restorecon -RF /srv/git
diff --git a/cgit.spec b/cgit.spec
index 8993f97..6be58c5 100644
--- a/cgit.spec
+++ b/cgit.spec
@@ -29,7 +29,7 @@
 
 Name:           cgit
 Version:        1.2.3
-Release:        6%{?dist}
+Release:        7%{?dist}
 Summary:        A fast web interface for git
 
 License:        GPLv2
@@ -37,7 +37,7 @@ URL:            https://git.zx2c4.com/cgit/
 Source0:        https://git.zx2c4.com/cgit/snapshot/%{name}-%{version}.tar.xz
 Source1:        https://www.kernel.org/pub/software/scm/git/git-%{gitver}.tar.xz
 Source2:        cgitrc
-Source3:        README.SELinux
+Source3:        README-SELinux.md
 
 # Jason A. Donenfeld's key is used to sign cgit releases.
 # https://www.zx2c4.com/keys/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.asc
@@ -213,6 +213,9 @@ make test
 
 
 %changelog
+* Mon Jul 26 2021 Todd Zullinger <tmz@pobox.com> - 1.2.3-7
+- update SELinux README
+
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.3-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild