diff options
Diffstat (limited to 'backport-httpd-2.4.25-selinux.patch')
| -rw-r--r-- | backport-httpd-2.4.25-selinux.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/backport-httpd-2.4.25-selinux.patch b/backport-httpd-2.4.25-selinux.patch new file mode 100644 index 0000000..c6add21 --- /dev/null +++ b/backport-httpd-2.4.25-selinux.patch @@ -0,0 +1,63 @@ +diff --git a/configure.in b/configure.in +index c5896c1..96cd4a6 100644 +--- a/configure.in ++++ b/configure.in +@@ -530,6 +530,11 @@ + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(HTTPD_LIBS, [-lselinux]) ++]) ++ + if test $ac_cv_func_gettid = no; then + # On Linux before glibc 2.30, gettid() is only usable via syscall() + AC_CACHE_CHECK([for gettid() via syscall], ap_cv_gettid, +diff --git a/server/core.c b/server/core.c +index 4da7209..515047b 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -65,6 +65,10 @@ + #include <unistd.h> + #endif + ++#ifdef HAVE_SELINUX ++#include <selinux/selinux.h> ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ +@@ -5095,6 +5099,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte + + mpm_common_pre_config(pconf); + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + +-- +2.27.0 + |