Search
j0ke.net Open Build Service
>
Projects
>
home:jg
:
base:http
>
httpd
> httpd-2.4.1-selinux.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File httpd-2.4.1-selinux.patch of Package httpd
Log the SELinux context at startup. Upstream-Status: unlikely to be any interest in this upstream --- httpd-2.4.1/configure.in.selinux +++ httpd-2.4.1/configure.in @@ -458,6 +458,11 @@ fopen64 dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN +AC_CHECK_LIB(selinux, is_selinux_enabled, [ + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) + APR_ADDTO(AP_LIBS, [-lselinux]) +]) + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, [AC_TRY_RUN(#define _GNU_SOURCE #include <unistd.h> --- httpd-2.4.1/server/core.c.selinux +++ httpd-2.4.1/server/core.c @@ -58,6 +58,10 @@ #include <unistd.h> #endif +#ifdef HAVE_SELINUX +#include <selinux/selinux.h> +#endif + /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) @@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * } #endif +#ifdef HAVE_SELINUX + { + static int already_warned = 0; + int is_enabled = is_selinux_enabled() > 0; + + if (is_enabled && !already_warned) { + security_context_t con; + + if (getcon(&con) == 0) { + + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "SELinux policy enabled; " + "httpd running as context %s", con); + + already_warned = 1; + + freecon(con); + } + } + } +#endif + return OK; }