1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
diff -up httpd-2.3.8/configure.in.selinux httpd-2.3.8/configure.in
--- httpd-2.3.8/configure.in.selinux 2010-10-01 18:51:36.960826530 +0200
+++ httpd-2.3.8/configure.in 2010-10-01 18:51:36.984827554 +0200
@@ -430,6 +430,10 @@ fopen64
dnl confirm that a void pointer is large enough to store a long integer
APACHE_CHECK_VOID_PTR_LEN
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
+ APR_ADDTO(AP_LIBS, [-lselinux])
+])
+
dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs
AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff,
[AC_TRY_COMPILE([#include <sys/types.h>
diff -up httpd-2.3.8/server/core.c.selinux httpd-2.3.8/server/core.c
--- httpd-2.3.8/server/core.c.selinux 2010-08-22 12:26:18.000000000 +0200
+++ httpd-2.3.8/server/core.c 2010-10-01 18:55:18.178025465 +0200
@@ -50,6 +50,8 @@
#include "mod_so.h" /* for ap_find_loaded_module_symbol */
+#include <selinux/selinux.h>
+
#if defined(RLIMIT_CPU) || defined (RLIMIT_DATA) || defined (RLIMIT_VMEM) || defined(RLIMIT_AS) || defined (RLIMIT_NPROC)
#include "unixd.h"
#endif
@@ -3655,6 +3657,27 @@ static int core_post_config(apr_pool_t *
"or other system security module is loaded.");
return !OK;
}
+ {
+ static int already_warned = 0;
+ int is_enabled = is_selinux_enabled() > 0;
+
+ if (is_enabled && !already_warned) {
+ security_context_t con;
+
+ if (getcon(&con) == 0) {
+
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
+ "SELinux policy enabled; "
+ "httpd running as context %s", con);
+
+ already_warned = 1;
+
+ freecon(con);
+ }
+ }
+ }
+
+
return OK;
}
|
