diff options
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch')
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch new file mode 100644 index 000000000..78a04d9af --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch | |||
@@ -0,0 +1,79 @@ | |||
1 | From dfa834ebd449df299f54e98f0fb3a7bb4008fb03 Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
3 | Date: Tue, 17 Jul 2012 11:27:39 +0100 | ||
4 | Subject: [PATCH] Log the SELinux context at startup. | ||
5 | |||
6 | Log the SELinux context at startup. | ||
7 | |||
8 | Upstream-Status: Inappropriate [other] | ||
9 | |||
10 | Note: unlikely to be any interest in this upstream | ||
11 | |||
12 | --- | ||
13 | configure.in | 5 +++++ | ||
14 | server/core.c | 26 ++++++++++++++++++++++++++ | ||
15 | 2 files changed, 31 insertions(+) | ||
16 | |||
17 | diff --git a/configure.in b/configure.in | ||
18 | index dc6ea15..caa6f54 100644 | ||
19 | --- a/configure.in | ||
20 | +++ b/configure.in | ||
21 | @@ -466,6 +466,11 @@ getloadavg | ||
22 | dnl confirm that a void pointer is large enough to store a long integer | ||
23 | APACHE_CHECK_VOID_PTR_LEN | ||
24 | |||
25 | +AC_CHECK_LIB(selinux, is_selinux_enabled, [ | ||
26 | + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) | ||
27 | + APR_ADDTO(AP_LIBS, [-lselinux]) | ||
28 | +]) | ||
29 | + | ||
30 | AC_CACHE_CHECK([for gettid()], ac_cv_gettid, | ||
31 | [AC_TRY_RUN(#define _GNU_SOURCE | ||
32 | #include <unistd.h> | ||
33 | diff --git a/server/core.c b/server/core.c | ||
34 | index 7aa841f..79f34db 100644 | ||
35 | --- a/server/core.c | ||
36 | +++ b/server/core.c | ||
37 | @@ -59,6 +59,10 @@ | ||
38 | #include <unistd.h> | ||
39 | #endif | ||
40 | |||
41 | +#ifdef HAVE_SELINUX | ||
42 | +#include <selinux/selinux.h> | ||
43 | +#endif | ||
44 | + | ||
45 | /* LimitRequestBody handling */ | ||
46 | #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) | ||
47 | #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) | ||
48 | @@ -4984,6 +4988,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte | ||
49 | } | ||
50 | #endif | ||
51 | |||
52 | +#ifdef HAVE_SELINUX | ||
53 | + { | ||
54 | + static int already_warned = 0; | ||
55 | + int is_enabled = is_selinux_enabled() > 0; | ||
56 | + | ||
57 | + if (is_enabled && !already_warned) { | ||
58 | + security_context_t con; | ||
59 | + | ||
60 | + if (getcon(&con) == 0) { | ||
61 | + | ||
62 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, | ||
63 | + "SELinux policy enabled; " | ||
64 | + "httpd running as context %s", con); | ||
65 | + | ||
66 | + already_warned = 1; | ||
67 | + | ||
68 | + freecon(con); | ||
69 | + } | ||
70 | + } | ||
71 | + } | ||
72 | +#endif | ||
73 | + | ||
74 | return OK; | ||
75 | } | ||
76 | |||
77 | -- | ||
78 | 2.7.4 | ||
79 | |||