meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch - openbmc/openbmc - Gitiles

 From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001
 From: Paul Eggleton <paul.eggleton@linux.intel.com>
 Date: Tue, 17 Jul 2012 11:27:39 +0100
 Subject: [PATCH] Log the SELinux context at startup.

 Log the SELinux context at startup.

 Upstream-Status: Inappropriate [other]

 Note: unlikely to be any interest in this upstream
 ---
  configure.in  |  5 +++++
  server/core.c | 26 ++++++++++++++++++++++++++
  2 files changed, 31 insertions(+)

 diff --git a/configure.in b/configure.in
 index c799aec..76811e7 100644
 --- a/configure.in
 +++ b/configure.in
 @@ -491,6 +491,11 @@ getloadavg
  dnl confirm that a void pointer is large enough to store a long integer
  APACHE_CHECK_VOID_PTR_LEN

 +AC_CHECK_LIB(selinux, is_selinux_enabled, [
 +   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
 +   APR_ADDTO(AP_LIBS, [-lselinux])
 +])
 +
  AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
  [AC_TRY_RUN(#define _GNU_SOURCE
  #include <unistd.h>
 diff --git a/server/core.c b/server/core.c
 index 3020090..8fef5fd 100644
 --- a/server/core.c
 +++ b/server/core.c
 @@ -65,6 +65,10 @@
  #include <unistd.h>
  #endif

 +#ifdef HAVE_SELINUX
 +#include <selinux/selinux.h>
 +#endif
 +
  /* LimitRequestBody handling */
  #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
  #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
 @@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
      }
  #endif

 +#ifdef HAVE_SELINUX
 +    {
 +        static int already_warned = 0;
 +        int is_enabled = is_selinux_enabled() > 0;
 +
 +        if (is_enabled && !already_warned) {
 +            security_context_t con;
 +
 +            if (getcon(&con) == 0) {
 +
 +                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
 +                             "SELinux policy enabled; "
 +                             "httpd running as context %s", con);
 +
 +                already_warned = 1;
 +
 +                freecon(con);
 +            }
 +        }
 +    }
 +#endif
 +
      return OK;
  }

 --
 2.25.1
	From 37699e9be04d83c5923644e298f400e077f76e85 Mon Sep 17 00:00:00 2001
	From: Paul Eggleton <paul.eggleton@linux.intel.com>
	Date: Tue, 17 Jul 2012 11:27:39 +0100
	Subject: [PATCH] Log the SELinux context at startup.

	Log the SELinux context at startup.

	Upstream-Status: Inappropriate [other]

	Note: unlikely to be any interest in this upstream
	---
	configure.in \| 5 +++++
	server/core.c \| 26 ++++++++++++++++++++++++++
	2 files changed, 31 insertions(+)

	diff --git a/configure.in b/configure.in
	index c799aec..76811e7 100644
	--- a/configure.in
	+++ b/configure.in
	@@ -491,6 +491,11 @@ getloadavg
	dnl confirm that a void pointer is large enough to store a long integer
	APACHE_CHECK_VOID_PTR_LEN

	+AC_CHECK_LIB(selinux, is_selinux_enabled, [
	+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
	+ APR_ADDTO(AP_LIBS, [-lselinux])
	+])
	+
	AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
	[AC_TRY_RUN(#define _GNU_SOURCE
	#include <unistd.h>
	diff --git a/server/core.c b/server/core.c
	index 3020090..8fef5fd 100644
	--- a/server/core.c
	+++ b/server/core.c
	@@ -65,6 +65,10 @@
	#include <unistd.h>
	#endif

	+#ifdef HAVE_SELINUX
	+#include <selinux/selinux.h>
	+#endif
	+
	/* LimitRequestBody handling */
	#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
	#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
	@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t pconf, apr_pool_t plog, apr_pool_t *pte
	}
	#endif

	+#ifdef HAVE_SELINUX
	+ {
	+ static int already_warned = 0;
	+ int is_enabled = is_selinux_enabled() > 0;
	+
	+ if (is_enabled && !already_warned) {
	+ security_context_t con;
	+
	+ if (getcon(&con) == 0) {
	+
	+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
	+ "SELinux policy enabled; "
	+ "httpd running as context %s", con);
	+
	+ already_warned = 1;
	+
	+ freecon(con);
	+ }
	+ }
	+ }
	+#endif
	+
	return OK;
	}

	--
	2.25.1