53 lines
1.3 KiB
Diff
53 lines
1.3 KiB
Diff
|
|
If SElinux is enabled, log the context on startup.
|
|
|
|
--- httpd-2.0.54/server/core.c.selinux
|
|
+++ httpd-2.0.54/server/core.c
|
|
@@ -50,6 +50,8 @@
|
|
#include "mod_proxy.h"
|
|
#include "ap_listen.h"
|
|
|
|
+#include <selinux/selinux.h>
|
|
+
|
|
/* LimitRequestBody handling */
|
|
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
|
|
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
|
|
@@ -4337,6 +4339,26 @@
|
|
}
|
|
#endif
|
|
|
|
+ {
|
|
+ static int already_warned = 0;
|
|
+ int is_enabled = is_selinux_enabled() > 0;
|
|
+
|
|
+ if (is_enabled) {
|
|
+ security_context_t con;
|
|
+
|
|
+ if (getcon(&con) == 0) {
|
|
+
|
|
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
|
+ "SELinux policy enabled; "
|
|
+ "httpd running as context %s", con);
|
|
+
|
|
+ already_warned = 1;
|
|
+
|
|
+ freecon(con);
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
return OK;
|
|
}
|
|
|
|
--- httpd-2.0.54/configure.in.selinux
|
|
+++ httpd-2.0.54/configure.in
|
|
@@ -294,6 +294,8 @@
|
|
timegm \
|
|
)
|
|
|
|
+AC_SEARCH_LIBS(is_selinux_enabled, selinux)
|
|
+
|
|
dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs
|
|
AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff,
|
|
[AC_TRY_COMPILE([#include <sys/types.h>
|