diff options
| author |   Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-01-12 16:52:45 +0000 |
|---|---|---|
| committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-03-06 12:12:14 +0000 |
| commit | 50f28a183f30c82280510988ad456f456e2c82ea (patch) | |
| tree | 0055c7fdd9bda2fa91f592a2b7e8b92e003911f5 /meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch | |
| parent | 279ebafb9dfcc3bd5095f4880e16a2e9401e38f7 (diff) | |
| download | meta-openembedded-contrib-50f28a183f30c82280510988ad456f456e2c82ea.tar.gz | |
apache2: update to 2.4.7
* LIC_FILES_CHKSUM changed because of the introduction of an extra blank
line in the LICENSE file (!)
* Refreshed TLS Next Protocol Negotiation support patch for conflict
with 2.4.7. Thanks to Hongxu Jia for doing this work.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch')
| -rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch new file mode 100644 index 0000000000..873328d9b5 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/httpd-2.4.1-selinux.patch @@ -0,0 +1,63 @@ + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include <unistd.h> +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include <unistd.h> + #endif + ++#ifdef HAVE_SELINUX ++#include <selinux/selinux.h> ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + |