Andrew Geissler | 615f2f1 | 2022-07-15 14:00:58 -0500 | [diff] [blame^] | 1 | From e47cc405eadcbe37a579c375e824e20a5c53bfad Mon Sep 17 00:00:00 2001 |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 2 | From: Paul Eggleton <paul.eggleton@linux.intel.com> |
| 3 | Date: Tue, 17 Jul 2012 11:27:39 +0100 |
| 4 | Subject: [PATCH] Log the SELinux context at startup. |
| 5 | |
| 6 | Log the SELinux context at startup. |
| 7 | |
| 8 | Upstream-Status: Inappropriate [other] |
| 9 | |
| 10 | Note: unlikely to be any interest in this upstream |
Andrew Geissler | 615f2f1 | 2022-07-15 14:00:58 -0500 | [diff] [blame^] | 11 | |
Brad Bishop | c342db3 | 2019-05-15 21:57:59 -0400 | [diff] [blame] | 12 | --- |
| 13 | configure.in | 5 +++++ |
| 14 | server/core.c | 26 ++++++++++++++++++++++++++ |
| 15 | 2 files changed, 31 insertions(+) |
| 16 | |
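--- a/configure.in
+++ b/configure.in
@@ -491,6 +491,11 @@ getloadavg
 dnl confirm that a void pointer is large enough to store a long integer
 APACHE_CHECK_VOID_PTR_LEN
 
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
 AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
 [AC_TRY_RUN(#define _GNU_SOURCE
 #include <unistd.h>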
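Review bot: The `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` check added after APACHE_CHECK_VOID_PTR_LEN defines HAVE_SELINUX from the library alone, while server/core.c then includes `<selinux/selinux.h>` under that macro, so a sysroot that has libselinux but not its headers would fail to compile. Gating the define on `AC_CHECK_HEADERS([selinux/selinux.h])` as well would avoid that. The check is also automatic, with no enable/disable switch visible in this hunk, so whether httpd links libselinux depends on what is installed at build time. An explicit configure option (for example via `AC_ARG_ENABLE`) would make the result reproducible and auditable.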
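--- a/server/core.c
+++ b/server/core.c
@@ -65,6 +65,10 @@
 #include <unistd.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
 #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
 }
 #endif
 
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
 return OK;
 }
 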
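Review bot: The block added to core_post_config logs nothing when `getcon()` fails or when `is_selinux_enabled()` returns -1, so the startup log cannot distinguish "SELinux off" from "context could not be read". An `else` branch on the `getcon()` test such as `ap_log_error(APLOG_MARK, APLOG_WARNING, errno, NULL, "SELinux enabled but getcon() failed");` would close that gap. The message also says "policy enabled" without the mode, which reads the same in permissive and enforcing, so adding the result of `security_getenforce()` to the line would make it usable for auditing. `security_context_t` is deprecated in current libselinux in favour of a plain `char *`, so `char *con;` is the forward-compatible declaration. The function begins outside this hunk, so whether a server_rec is available to pass instead of `NULL` cannot be confirmed from here.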