1 files changed, 63 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch
new file mode 100644
index 000000000..873328d9b
--- /dev/null
+++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch
@@ -0,0 +1,63 @@
+Log the SELinux context at startup.
+Upstream-Status: Inappropriate [other]
+Note: unlikely to be any interest in this upstream
+--- httpd-2.4.1/configure.in.selinux
+++ httpd-2.4.1/configure.in
+@@ -458,6 +458,11 @@ fopen64
+ dnl confirm that a void pointer is large enough to store a long integer
+ APACHE_CHECK_VOID_PTR_LEN
+ 
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+   APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
+ AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
+ [AC_TRY_RUN(#define _GNU_SOURCE
+ #include <unistd.h>
+--- httpd-2.4.1/server/core.c.selinux
+++ httpd-2.4.1/server/core.c
+@@ -58,6 +58,10 @@
+ #include <unistd.h>
+ #endif
+ 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
+ /* LimitRequestBody handling */
+ #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
+ #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
+@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
+     }
+ #endif
+ 
+#ifdef HAVE_SELINUX
+    {
+        static int already_warned = 0;
+        int is_enabled = is_selinux_enabled() > 0;
+        
+        if (is_enabled && !already_warned) {
+            security_context_t con;
+            
+            if (getcon(&con) == 0) {
+                
+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                             "SELinux policy enabled; "
+                             "httpd running as context %s", con);
+                
+                already_warned = 1;
+                
+                freecon(con);
+            }
+        }
+    }
+#endif
+
+     return OK;
+ }
+

diff --git a/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch new file mode 100644 index 000000000..873328d9b --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2-2.4.4/httpd-2.4.1-selinux.patch
@@ -0,0 +1,63 @@
	1
	2	Log the SELinux context at startup.
	3
	4	Upstream-Status: Inappropriate [other]
	5
	6	Note: unlikely to be any interest in this upstream
	7
	8	--- httpd-2.4.1/configure.in.selinux
	9	+++ httpd-2.4.1/configure.in
	10	@@ -458,6 +458,11 @@ fopen64
	11	dnl confirm that a void pointer is large enough to store a long integer
	12	APACHE_CHECK_VOID_PTR_LEN
	13
	14	+AC_CHECK_LIB(selinux, is_selinux_enabled, [
	15	+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
	16	+ APR_ADDTO(AP_LIBS, [-lselinux])
	17	+])
	18	+
	19	AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
	20	[AC_TRY_RUN(#define _GNU_SOURCE
	21	#include <unistd.h>
	22	--- httpd-2.4.1/server/core.c.selinux
	23	+++ httpd-2.4.1/server/core.c
	24	@@ -58,6 +58,10 @@
	25	#include <unistd.h>
	26	#endif
	27
	28	+#ifdef HAVE_SELINUX
	29	+#include <selinux/selinux.h>
	30	+#endif
	31	+
	32	/* LimitRequestBody handling */
	33	#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
	34	#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
	35	@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
	36	}
	37	#endif
	38
	39	+#ifdef HAVE_SELINUX
	40	+ {
	41	+ static int already_warned = 0;
	42	+ int is_enabled = is_selinux_enabled() > 0;
	43	+
	44	+ if (is_enabled && !already_warned) {
	45	+ security_context_t con;
	46	+
	47	+ if (getcon(&con) == 0) {
	48	+
	49	+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
	50	+ "SELinux policy enabled; "
	51	+ "httpd running as context %s", con);
	52	+
	53	+ already_warned = 1;
	54	+
	55	+ freecon(con);
	56	+ }
	57	+ }
	58	+ }
	59	+#endif
	60	+
	61	return OK;
	62	}
	63