author Todd Zullinger <tmz@pobox.com> 2021-06-07 01:22:26 -0400
committer Todd Zullinger <tmz@pobox.com> 2022-01-01 23:45:10 -0500
commit 5337e3d93200e3235a7fddc90d1191187a224a39
tree 4b7d6af520b2651121911bdb35cb67682cb2d717 /README-SELinux.md
parent 8c73716697352a44fb5d4f717ebf01c30ee580ba
update SELinux README
The documentation for SELinux has grown a little stale. Refresh it and convert it to markdown syntax¹. Remove outdated data about the graphical system-config-selinux tool. Mention that restorecon might be needed to update /var/lib/git. Use the semanage equality option (-e) to simplify the command used to add an alternate location for git repositories.

¹ The main reason to convert to markdown is to avoid pagure displaying it as one large blob.
Diffstat (limited to 'README-SELinux.md')
-rw-r--r-- README-SELinux.md 29
1 files changed, 29 insertions, 0 deletions
diff --git a/README-SELinux.md b/README-SELinux.md
new file mode 100644
index 0000000..32ce880
--- /dev/null
+++ b/README-SELinux.md
@@ -0,0 +1,29 @@
+If your system has SELinux enabled, you must enable the `httpd_enable_cgi`
+boolean:
+
+ # setsebool -P httpd_enable_cgi 1
+
+Additionally, the git repositories need to be accessible to cgit. This is
+handled automatically for repositories in the default path, `/var/lib/git`.
+
+If you have created `/var/lib/git` manually or have existing content in that
+directory, you may need to run `restorecon` to reset the SELinux context:
+
+ # restorecon -RF /var/lib/git
+
+If your repositories are in a different path, `/srv/git`, for example, you can
+set the proper context using `semanage`:
+
+ # semanage fcontext -a -e /var/lib/git /srv/git
+
+This sets the context of `/srv/git` equal to the default context of
+`/var/lib/git`.
+
+If you have other confined daemons that need to access the git repositories,
+you may want to use `public_content_t` or `public_content_rw_t` instead:
+
+ # semanage fcontext -a -t public_content_t "/srv/git(/.*)?"
+
+Then use `restorecon` to update the contexts:
+
+ # restorecon -RF /srv/git
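Review bot: The final `restorecon -RF /srv/git` step reads as if it belongs only to the `public_content_t` alternative, because "Then use `restorecon` to update the contexts" directly follows that paragraph. A reader who stops after `semanage fcontext -a -e /var/lib/git /srv/git` will have recorded a labeling rule without relabeling any files already under `/srv/git`, since `semanage fcontext` only changes the file-context configuration. Suggest either repeating the `restorecon` line right after the equivalence command or rewording the lead-in to "In either case, use `restorecon` to update the contexts". It would also help to state that the `-t public_content_t` rule is used in place of the `-e` rule for the same path rather than alongside it; the text only says "instead".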