| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 1 | From 33c0f2d88ccfe02777f183eb785bb2b891aff168 Mon Sep 17 00:00:00 2001 |
| 2 | From: Paul Eggleton <paul.eggleton@linux.intel.com> |
| 3 | Date: Tue, 17 Jul 2012 11:27:39 +0100 |
| 4 | Subject: [PATCH] Log the SELinux context at startup. |
| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 5 | |
| 6 | Log the SELinux context at startup. |
| 7 | |
| 8 | Upstream-Status: Inappropriate [other] |
| 9 | |
| 10 | Note: unlikely to be any interest in this upstream |
| 11 | |
| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 12 | --- |
| 13 | configure.in | 5 +++++ |
| 14 | server/core.c | 26 ++++++++++++++++++++++++++ |
| 15 | 2 files changed, 31 insertions(+) |
| 16 | |
| 17 | diff --git a/configure.in b/configure.in |
| 18 | index 761e836..d828512 100644 |
| 19 | --- a/configure.in |
| 20 | +++ b/configure.in |
| 21 | @@ -483,6 +483,11 @@ getloadavg |
| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 22 | dnl confirm that a void pointer is large enough to store a long integer |
| 23 | APACHE_CHECK_VOID_PTR_LEN |
| 24 | |
| 25 | +AC_CHECK_LIB(selinux, is_selinux_enabled, [ |
| 26 | + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) |
| 27 | + APR_ADDTO(AP_LIBS, [-lselinux]) |
| 28 | +]) |
| 29 | + |
| 30 | AC_CACHE_CHECK([for gettid()], ac_cv_gettid, |
| 31 | [AC_TRY_RUN(#define _GNU_SOURCE |
| 32 | #include <unistd.h> |
| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 33 | diff --git a/server/core.c b/server/core.c |
| 34 | index 4fd2b9f..c61304a 100644 |
| 35 | --- a/server/core.c |
| 36 | +++ b/server/core.c |
| 37 | @@ -59,6 +59,10 @@ |
| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 38 | #include <unistd.h> |
| 39 | #endif |
| 40 | |
| 41 | +#ifdef HAVE_SELINUX |
| 42 | +#include <selinux/selinux.h> |
| 43 | +#endif |
| 44 | + |
| 45 | /* LimitRequestBody handling */ |
| 46 | #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) |
| 47 | #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) |
| Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 48 | @@ -4959,6 +4963,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte |
| Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame] | 49 | } |
| 50 | #endif |
| 51 | |
| 52 | +#ifdef HAVE_SELINUX |
| 53 | + { |
| 54 | + static int already_warned = 0; |
| 55 | + int is_enabled = is_selinux_enabled() > 0; |
| 56 | + |
| 57 | + if (is_enabled && !already_warned) { |
| 58 | + security_context_t con; |
| 59 | + |
| 60 | + if (getcon(&con) == 0) { |
| 61 | + |
| 62 | + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, |
| 63 | + "SELinux policy enabled; " |
| 64 | + "httpd running as context %s", con); |
| 65 | + |
| 66 | + already_warned = 1; |
| 67 | + |
| 68 | + freecon(con); |
| 69 | + } |
| 70 | + } |
| 71 | + } |
| 72 | +#endif |
| 73 | + |
| 74 | return OK; |
| 75 | } |
| 76 | |