automatic import of httpd

author: CoprDistGit <infra@openeuler.org> 2024-04-06 13:39:16 +0000
committer: CoprDistGit <infra@openeuler.org> 2024-04-06 13:39:16 +0000
commit: 0b910c31274a87f065bcc5b9224a5dc5944772b3 (patch)
tree: 70eb739e783a13a4319050ad5de24ecd44a194a8
parent: 172d6530f37fd0f0b9026591dab42075e1081929 (diff)
3 files changed, 65 insertions, 64 deletions
diff --git a/backport-httpd-2.4.25-selinux.patch b/backport-httpd-2.4.25-selinux.patch
deleted file mode 100644
index 0db1e45..0000000
--- a/backport-httpd-2.4.25-selinux.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff --git a/configure.in b/configure.in
-index c5896c1..96cd4a6 100644
---- a/configure.in
-+++ b/configure.in
-@@ -508,6 +508,11 @@ getloadavg
- dnl confirm that a void pointer is large enough to store a long integer
- APACHE_CHECK_VOID_PTR_LEN
- 
-+AC_CHECK_LIB(selinux, is_selinux_enabled, [
-+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
-+   APR_ADDTO(HTTPD_LIBS, [-lselinux])
-+])
-+
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
- [AC_TRY_RUN(#define _GNU_SOURCE
- #include <unistd.h>
-diff --git a/server/core.c b/server/core.c
-index 4da7209..515047b 100644
---- a/server/core.c
-+++ b/server/core.c
-@@ -65,6 +65,10 @@
- #include <unistd.h>
- #endif
- 
-+#ifdef HAVE_SELINUX
-+#include <selinux/selinux.h>
-+#endif
-+
- /* LimitRequestBody handling */
- #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)
- #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 1<<30) /* 1GB */
-@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
-     }
- #endif
- 
-+#ifdef HAVE_SELINUX
-+    {
-+        static int already_warned = 0;
-+        int is_enabled = is_selinux_enabled() > 0;
-+        
-+        if (is_enabled && !already_warned) {
-+            security_context_t con;
-+            
-+            if (getcon(&con) == 0) {
-+                
-+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
-+                             "SELinux policy enabled; "
-+                             "httpd running as context %s", con);
-+                
-+                already_warned = 1;
-+                
-+                freecon(con);
-+            }
-+        }
-+    }
-+#endif
-+
-     return OK;
- }
- 
--- 
-2.27.0
-
diff --git a/backport-httpd-2.4.54-selinux.patch b/backport-httpd-2.4.54-selinux.patch
new file mode 100644
index 0000000..661b983
--- /dev/null
+++ b/backport-httpd-2.4.54-selinux.patch
@@ -0,0 +1,64 @@
+
+Upstream-Status: in trunk not in 2.4.x
+
+diff --git a/configure.in b/configure.in
+index 74015ca..8c0ee10 100644
+--- httpd-2.4.54/modules/arch/unix/config5.m4.selinux
++++ httpd-2.4.54/modules/arch/unix/config5.m4
+@@ -23,6 +23,11 @@
+     AC_MSG_WARN([Your system does not support systemd.])
+     enable_systemd="no"
+   else
++    AC_CHECK_LIB(selinux, is_selinux_enabled, [
++      AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
++      APR_ADDTO(MOD_SYSTEMD_LDADD, [-lselinux])
++    ])
++  
+     APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
+   fi
+ ])
+--- httpd-2.4.54/modules/arch/unix/mod_systemd.c.selinux
++++ httpd-2.4.54/modules/arch/unix/mod_systemd.c
+@@ -35,6 +35,10 @@
+ #include <unistd.h>
+ #endif
+ 
++#ifdef HAVE_SELINUX
++#include <selinux/selinux.h>
++#endif
++
+ APR_DECLARE_OPTIONAL_FN(int,
+                         ap_find_systemd_socket, (process_rec *, apr_port_t));
+ 
+@@ -70,6 +74,20 @@
+     return apr_psprintf(p, "%s port %u", addr, sa->port);
+ }
+ 
++#ifdef HAVE_SELINUX
++static void log_selinux_context(void)
++{
++    char *con;
++
++    if (is_selinux_enabled() && getcon(&con) == 0) {
++        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++                     "SELinux policy enabled; "
++                     "httpd running as context %s", con);
++        freecon(con);
++    }
++}
++#endif
++
+ /* Report the service is ready in post_config, which could be during
+  * startup or after a reload.  The server could still hit a fatal
+  * startup error after this point during ap_run_mpm(), so this is
+@@ -87,6 +105,10 @@
+     if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
+         return OK;
+ 
++#ifdef HAVE_SELINUX
++    log_selinux_context();
++#endif
++    
+     for (lr = ap_listeners; lr; lr = lr->next) {
+         char *s = dump_listener(lr, ptemp);
+ 
diff --git a/httpd.spec b/httpd.spec
index 9e66e50..cfe1735 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -57,7 +57,7 @@ Patch3:           backport-httpd-2.4.3-apctl-systemd.patch
 Patch4:           backport-httpd-2.4.53-detect-systemd.patch
 Patch5:           backport-httpd-2.4.53-export.patch
 Patch6:           backport-httpd-2.4.43-corelimit.patch
-Patch7:           backport-httpd-2.4.25-selinux.patch
+Patch7:           backport-httpd-2.4.54-selinux.patch
 Patch8:           backport-httpd-2.4.54-icons.patch
 Patch9:           backport-httpd-2.4.43-cachehardmax.patch
 Patch10:          backport-httpd-2.4.43-socket-activation.patch
author	CoprDistGit <infra@openeuler.org>	2024-04-06 13:39:16 +0000
committer	CoprDistGit <infra@openeuler.org>	2024-04-06 13:39:16 +0000
commit	0b910c31274a87f065bcc5b9224a5dc5944772b3 (patch)
tree	70eb739e783a13a4319050ad5de24ecd44a194a8
parent	172d6530f37fd0f0b9026591dab42075e1081929 (diff)