diff --git a/configure.in b/configure.in index 3932407..00e2369 100644 --- a/configure.in +++ b/configure.in @@ -531,6 +531,11 @@ gettid dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN +AC_CHECK_LIB(selinux, is_selinux_enabled, [ + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) + APR_ADDTO(HTTPD_LIBS, [-lselinux]) +]) + if test $ac_cv_func_gettid = no; then # On Linux before glibc 2.30, gettid() is only usable via syscall() AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, diff --git a/server/core.c b/server/core.c index 8970a50..ff1024d 100644 --- a/server/core.c +++ b/server/core.c @@ -65,6 +65,10 @@ #include #endif +#ifdef HAVE_SELINUX +#include +#endif + /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ @@ -5170,6 +5174,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte } #endif +#ifdef HAVE_SELINUX + { + static int already_warned = 0; + int is_enabled = is_selinux_enabled() > 0; + + if (is_enabled && !already_warned) { + security_context_t con; + + if (getcon(&con) == 0) { + + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, + "SELinux policy enabled; " + "httpd running as context %s", con); + + already_warned = 1; + + freecon(con); + } + } + } +#endif + return OK; }