Blame - meta-openembedded/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch - openbmc/openbmc

blob: 3b080f54f61de77947dc5cf22ec44d631a940830 [file] [log] [blame]

Andrew Geissler	615f2f1	2022-07-15 14:00:58 -0500	[diff] [blame^]	1	From e47cc405eadcbe37a579c375e824e20a5c53bfad Mon Sep 17 00:00:00 2001
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	2	From: Paul Eggleton <paul.eggleton@linux.intel.com>
				3	Date: Tue, 17 Jul 2012 11:27:39 +0100
				4	Subject: [PATCH] Log the SELinux context at startup.
				5
				6	Log the SELinux context at startup.
				7
				8	Upstream-Status: Inappropriate [other]
				9
				10	Note: unlikely to be any interest in this upstream
Andrew Geissler	615f2f1	2022-07-15 14:00:58 -0500	[diff] [blame^]	11
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	12	---
				13	configure.in \| 5 +++++
				14	server/core.c \| 26 ++++++++++++++++++++++++++
				15	2 files changed, 31 insertions(+)
				16
				17	diff --git a/configure.in b/configure.in
Andrew Geissler	615f2f1	2022-07-15 14:00:58 -0500	[diff] [blame^]	18	index ea6cec3..92b74b7 100644
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	19	--- a/configure.in
				20	+++ b/configure.in
Andrew Geissler	9aee500	2022-03-30 16:27:02 +0000	[diff] [blame]	21	@@ -491,6 +491,11 @@ getloadavg
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	22	dnl confirm that a void pointer is large enough to store a long integer
				23	APACHE_CHECK_VOID_PTR_LEN
				24
				25	+AC_CHECK_LIB(selinux, is_selinux_enabled, [
				26	+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
				27	+ APR_ADDTO(AP_LIBS, [-lselinux])
				28	+])
				29	+
				30	AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
				31	[AC_TRY_RUN(#define _GNU_SOURCE
				32	#include <unistd.h>
				33	diff --git a/server/core.c b/server/core.c
Andrew Geissler	615f2f1	2022-07-15 14:00:58 -0500	[diff] [blame^]	34	index 4da7209..d3ca25b 100644
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	35	--- a/server/core.c
				36	+++ b/server/core.c
Andrew Geissler	9aee500	2022-03-30 16:27:02 +0000	[diff] [blame]	37	@@ -65,6 +65,10 @@
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	38	#include <unistd.h>
				39	#endif
				40
				41	+#ifdef HAVE_SELINUX
				42	+#include <selinux/selinux.h>
				43	+#endif
				44	+
				45	/* LimitRequestBody handling */
				46	#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
Andrew Geissler	615f2f1	2022-07-15 14:00:58 -0500	[diff] [blame^]	47	#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
Andrew Geissler	9aee500	2022-03-30 16:27:02 +0000	[diff] [blame]	48	@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t pconf, apr_pool_t plog, apr_pool_t *pte
Brad Bishop	c342db3	2019-05-15 21:57:59 -0400	[diff] [blame]	49	}
				50	#endif
				51
				52	+#ifdef HAVE_SELINUX
				53	+ {
				54	+ static int already_warned = 0;
				55	+ int is_enabled = is_selinux_enabled() > 0;
				56	+
				57	+ if (is_enabled && !already_warned) {
				58	+ security_context_t con;
				59	+
				60	+ if (getcon(&con) == 0) {
				61	+
				62	+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
				63	+ "SELinux policy enabled; "
				64	+ "httpd running as context %s", con);
				65	+
				66	+ already_warned = 1;
				67	+
				68	+ freecon(con);
				69	+ }
				70	+ }
				71	+ }
				72	+#endif
				73	+
				74	return OK;
				75	}
				76