Index: server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- server/common/patches/httpd-suexec-scripts.patch	(revision 89)
+++ server/common/patches/httpd-suexec-scripts.patch	(revision 103)
@@ -1,4 +1,4 @@
 # scripts.mit.edu httpd suexec patch
-# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>
+# Copyright (C) 2006  Jeff Arnold <jbarnold@mit.edu>, Joe Presbrey <presbrey@mit.edu>
 #
 # This program is free software; you can redistribute it and/or
@@ -18,7 +18,26 @@
 # See /COPYRIGHT in this repository for more information.
 #
+--- httpd-2.2.2/support/Makefile.in.old	2005-07-06 19:15:34.000000000 -0400
++++ httpd-2.2.2/support/Makefile.in	2007-01-20 17:12:51.000000000 -0500
+@@ -60,7 +60,7 @@
+
+ suexec_OBJECTS = suexec.lo
+ suexec: $(suexec_OBJECTS)
+-	$(LINK) $(suexec_OBJECTS)
++	$(LINK) -lselinux $(suexec_OBJECTS)
+
+ htcacheclean_OBJECTS = htcacheclean.lo
+ htcacheclean: $(htcacheclean_OBJECTS)
 --- httpd-2.2.2/support/suexec.c.old	2006-04-21 21:53:06.000000000 -0400
 +++ httpd-2.2.2/support/suexec.c	2006-08-25 10:04:22.000000000 -0400
-@@ -95,6 +95,7 @@
+@@ -46,6 +46,7 @@
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
++#include <selinux/selinux.h>
+ 
+ #ifdef HAVE_PWD_H
+ #include <pwd.h>
+@@ -95,6 +96,7 @@
  {
      /* variable name starts with */
@@ -28,5 +47,5 @@
  
      /* variable name is */
-@@ -140,6 +141,7 @@
+@@ -140,6 +142,7 @@
      "UNIQUE_ID=",
      "USER_NAME=",
@@ -36,5 +55,32 @@
  };
  
-@@ -513,6 +515,12 @@
+@@ -450,7 +453,7 @@
+      * Error out if attempt is made to execute as root or as
+      * a UID less than AP_UID_MIN.  Tsk tsk.
+      */
+-    if ((uid == 0) || (uid < AP_UID_MIN)) {
++    if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) {
+         log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
+         exit(107);
+     }
+@@ -482,6 +485,17 @@
+         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
+         exit(110);
+     }
++    if (uid == 102) {
++        if (setexeccon("user_u:user_r:signup_t:s0") == -1) {
++            log_err("failed to setexeccon (%ld: %s) to signup_t\n");
++            exit(201);
++        }
++    } else {
++        if (setexeccon("user_u:user_r:user_t:s0") == -1) {
++            log_err("failed to setexeccon (%ld: %s) to user_t\n");
++            exit(202);
++        }
++    }
+ 
+     /*
+      * Get the current working directory, as well as the proper
+@@ -513,6 +527,12 @@
              exit(113);
          }
@@ -49,5 +95,5 @@
      if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
          log_err("command not in docroot (%s/%s)\n", cwd, cmd);
-@@ -530,15 +538,17 @@
+@@ -530,15 +550,17 @@
      /*
       * Error out if cwd is writable by others.
@@ -68,5 +114,5 @@
          exit(117);
      }
-@@ -546,10 +556,12 @@
+@@ -546,10 +568,12 @@
      /*
       * Error out if the program is writable by others.
@@ -81,5 +127,5 @@
      /*
       * Error out if the file is setuid or setgid.
-@@ -563,6 +575,7 @@
+@@ -563,6 +587,7 @@
       * Error out if the target name/group is different from
       * the name/group of the cwd or the program.
@@ -89,5 +135,5 @@
          (gid != dir_info.st_gid) ||
          (uid != prg_info.st_uid) ||
-@@ -574,6 +587,7 @@
+@@ -574,6 +599,7 @@
                  prg_info.st_uid, prg_info.st_gid);
          exit(120);