Patrick Williams | b48b7b4 | 2016-08-17 15:04:38 -0500 | [diff] [blame^] | 1 | |
| 2 | Log the SELinux context at startup. |
| 3 | |
| 4 | Upstream-Status: Inappropriate [other] |
| 5 | |
| 6 | Note: unlikely to be any interest in this upstream |
| 7 | |
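--- httpd-2.4.1/configure.in.selinux
+++ httpd-2.4.1/configure.in
@@ -458,6 +458,11 @@ fopen64
 dnl confirm that a void pointer is large enough to store a long integer
 APACHE_CHECK_VOID_PTR_LEN
 
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
 AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
 [AC_TRY_RUN(#define _GNU_SOURCE
 #include <unistd.h>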
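Review bot: The added `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` probes only the library, yet server/core.c includes `<selinux/selinux.h>` whenever HAVE_SELINUX is defined, so a build root that has libselinux but not its headers would define the macro and then fail to compile. Gating the define on a header check as well, for example `AC_CHECK_HEADER(selinux/selinux.h, [AC_CHECK_LIB(selinux, is_selinux_enabled, [...])])`, keeps the two in step. The check is also unconditional, so whether httpd links libselinux depends on what the build root happens to contain; an explicit configure switch would make that choice deliberate and reproducible.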
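--- httpd-2.4.1/server/core.c.selinux
+++ httpd-2.4.1/server/core.c
@@ -58,6 +58,10 @@
 #include <unistd.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
 #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *
 }
 #endif
 
+#ifdef HAVE_SELINUX
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+#endif
+
 return OK;
 }
 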
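Review bot: In the block added to core_post_config, a failing `getcon()` is silent: nothing is logged and `already_warned` stays 0, so the error log cannot distinguish "context could not be read" from "SELinux disabled". An `else` branch such as `ap_log_error(APLOG_MARK, APLOG_WARNING, apr_get_os_error(), NULL, "SELinux policy enabled; getcon() failed");` would make that case visible. The notice also does not say whether policy is enforcing or permissive, which is what an operator reading the log usually needs; the result of `security_getenforce()` could be added to the message. `security_context_t` is deprecated in newer libselinux releases, so declaring `char *con;` avoids deprecation warnings. core_post_config begins outside this hunk, so the surrounding control flow is not visible here.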