aboutsummaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch
blob: 78a04d9af4be7ab55cd2a447c6d4d6792b0fbee4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
From dfa834ebd449df299f54e98f0fb3a7bb4008fb03 Mon Sep 17 00:00:00 2001
From: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue, 17 Jul 2012 11:27:39 +0100
Subject: [PATCH] Log the SELinux context at startup.

Log the SELinux context at startup.

Upstream-Status: Inappropriate [other]

Note: unlikely to be any interest in this upstream

---
 configure.in  |  5 +++++
 server/core.c | 26 ++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/configure.in b/configure.in
index dc6ea15..caa6f54 100644
--- a/configure.in
+++ b/configure.in
@@ -466,6 +466,11 @@ getloadavg
 dnl confirm that a void pointer is large enough to store a long integer
 APACHE_CHECK_VOID_PTR_LEN
 
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
+   APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
 AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
 [AC_TRY_RUN(#define _GNU_SOURCE
 #include <unistd.h>
diff --git a/server/core.c b/server/core.c
index 7aa841f..79f34db 100644
--- a/server/core.c
+++ b/server/core.c
@@ -59,6 +59,10 @@
 #include <unistd.h>
 #endif
 
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
 /* LimitRequestBody handling */
 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
 #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)
@@ -4984,6 +4988,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
     }
 #endif
 
+#ifdef HAVE_SELINUX
+    {
+        static int already_warned = 0;
+        int is_enabled = is_selinux_enabled() > 0;
+
+        if (is_enabled && !already_warned) {
+            security_context_t con;
+
+            if (getcon(&con) == 0) {
+
+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+                             "SELinux policy enabled; "
+                             "httpd running as context %s", con);
+
+                already_warned = 1;
+
+                freecon(con);
+            }
+        }
+    }
+#endif
+
     return OK;
 }
 
-- 
2.7.4