meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch - openbmc/openbmc - Gitiles

 From 33c0f2d88ccfe02777f183eb785bb2b891aff168 Mon Sep 17 00:00:00 2001
 From: Paul Eggleton <paul.eggleton@linux.intel.com>
 Date: Tue, 17 Jul 2012 11:27:39 +0100
 Subject: [PATCH] Log the SELinux context at startup.

 Log the SELinux context at startup.

 Upstream-Status: Inappropriate [other]

 Note: unlikely to be any interest in this upstream

 ---
  configure.in  |  5 +++++
  server/core.c | 26 ++++++++++++++++++++++++++
  2 files changed, 31 insertions(+)

 diff --git a/configure.in b/configure.in
 index 761e836..d828512 100644
 --- a/configure.in
 +++ b/configure.in
 @@ -483,6 +483,11 @@ getloadavg
  dnl confirm that a void pointer is large enough to store a long integer
  APACHE_CHECK_VOID_PTR_LEN

 +AC_CHECK_LIB(selinux, is_selinux_enabled, [
 +   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
 +   APR_ADDTO(AP_LIBS, [-lselinux])
 +])
 +
  AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
  [AC_TRY_RUN(#define _GNU_SOURCE
  #include <unistd.h>
 diff --git a/server/core.c b/server/core.c
 index 4fd2b9f..c61304a 100644
 --- a/server/core.c
 +++ b/server/core.c
 @@ -59,6 +59,10 @@
  #include <unistd.h>
  #endif

 +#ifdef HAVE_SELINUX
 +#include <selinux/selinux.h>
 +#endif
 +
  /* LimitRequestBody handling */
  #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
  #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
 @@ -4959,6 +4963,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
      }
  #endif

 +#ifdef HAVE_SELINUX
 +    {
 +        static int already_warned = 0;
 +        int is_enabled = is_selinux_enabled() > 0;
 +
 +        if (is_enabled && !already_warned) {
 +            security_context_t con;
 +
 +            if (getcon(&con) == 0) {
 +
 +                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
 +                             "SELinux policy enabled; "
 +                             "httpd running as context %s", con);
 +
 +                already_warned = 1;
 +
 +                freecon(con);
 +            }
 +        }
 +    }
 +#endif
 +
      return OK;
  }
	From 33c0f2d88ccfe02777f183eb785bb2b891aff168 Mon Sep 17 00:00:00 2001
	From: Paul Eggleton <paul.eggleton@linux.intel.com>
	Date: Tue, 17 Jul 2012 11:27:39 +0100
	Subject: [PATCH] Log the SELinux context at startup.

	Log the SELinux context at startup.

	Upstream-Status: Inappropriate [other]

	Note: unlikely to be any interest in this upstream

	---
	configure.in \| 5 +++++
	server/core.c \| 26 ++++++++++++++++++++++++++
	2 files changed, 31 insertions(+)

	diff --git a/configure.in b/configure.in
	index 761e836..d828512 100644
	--- a/configure.in
	+++ b/configure.in
	@@ -483,6 +483,11 @@ getloadavg
	dnl confirm that a void pointer is large enough to store a long integer
	APACHE_CHECK_VOID_PTR_LEN

	+AC_CHECK_LIB(selinux, is_selinux_enabled, [
	+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
	+ APR_ADDTO(AP_LIBS, [-lselinux])
	+])
	+
	AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
	[AC_TRY_RUN(#define _GNU_SOURCE
	#include <unistd.h>
	diff --git a/server/core.c b/server/core.c
	index 4fd2b9f..c61304a 100644
	--- a/server/core.c
	+++ b/server/core.c
	@@ -59,6 +59,10 @@
	#include <unistd.h>
	#endif

	+#ifdef HAVE_SELINUX
	+#include <selinux/selinux.h>
	+#endif
	+
	/* LimitRequestBody handling */
	#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
	#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
	@@ -4959,6 +4963,28 @@ static int core_post_config(apr_pool_t pconf, apr_pool_t plog, apr_pool_t *pte
	}
	#endif

	+#ifdef HAVE_SELINUX
	+ {
	+ static int already_warned = 0;
	+ int is_enabled = is_selinux_enabled() > 0;
	+
	+ if (is_enabled && !already_warned) {
	+ security_context_t con;
	+
	+ if (getcon(&con) == 0) {
	+
	+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
	+ "SELinux policy enabled; "
	+ "httpd running as context %s", con);
	+
	+ already_warned = 1;
	+
	+ freecon(con);
	+ }
	+ }
	+ }
	+#endif
	+
	return OK;
	}