Log the SELinux context at startup.

Upstream-Status: unlikely to be any interest in this upstream

--- httpd-2.4.1/configure.in.selinux

+++ httpd-2.4.1/configure.in

@@ -458,6 +458,11 @@ fopen64

 dnl confirm that a void pointer is large enough to store a long integer

 APACHE_CHECK_VOID_PTR_LEN

+AC_CHECK_LIB(selinux, is_selinux_enabled, [

+   AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])

+   APR_ADDTO(AP_LIBS, [-lselinux])

+])

+

 AC_CACHE_CHECK([for gettid()], ac_cv_gettid,

 [AC_TRY_RUN(#define _GNU_SOURCE

 #include <unistd.h>

--- httpd-2.4.1/server/core.c.selinux

+++ httpd-2.4.1/server/core.c

@@ -58,6 +58,10 @@

 #include <unistd.h>

 #endif

+#ifdef HAVE_SELINUX

+#include <selinux/selinux.h>

+#endif

+

 /* LimitRequestBody handling */

 #define AP_LIMIT_REQ_BODY_UNSET         ((apr_off_t) -1)

 #define AP_DEFAULT_LIMIT_REQ_BODY       ((apr_off_t) 0)

@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t *

     }

 #endif

+#ifdef HAVE_SELINUX

+    {

+        static int already_warned = 0;

+        int is_enabled = is_selinux_enabled() > 0;

+        

+        if (is_enabled && !already_warned) {

+            security_context_t con;

+            

+            if (getcon(&con) == 0) {

+                

+                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,

+                             "SELinux policy enabled; "

+                             "httpd running as context %s", con);

+                

+                already_warned = 1;

+                

+                freecon(con);

+            }

+        }

+    }

+#endif

+

     return OK;

 }