| |
| Log the SELinux context at startup. |
| |
| Upstream-Status: unlikely to be any interest in this upstream |
| |
| |
| |
| @@ -458,6 +458,11 @@ fopen64 |
| dnl confirm that a void pointer is large enough to store a long integer |
| APACHE_CHECK_VOID_PTR_LEN |
| |
| +AC_CHECK_LIB(selinux, is_selinux_enabled, [ |
| + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) |
| + APR_ADDTO(AP_LIBS, [-lselinux]) |
| +]) |
| + |
| AC_CACHE_CHECK([for gettid()], ac_cv_gettid, |
| [AC_TRY_RUN(#define _GNU_SOURCE |
| #include <unistd.h> |
| |
| |
| @@ -58,6 +58,10 @@ |
| #include <unistd.h> |
| #endif |
| |
| +#ifdef HAVE_SELINUX |
| +#include <selinux/selinux.h> |
| +#endif |
| + |
| /* LimitRequestBody handling */ |
| #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) |
| #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) |
| @@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * |
| } |
| #endif |
| |
| +#ifdef HAVE_SELINUX |
| + { |
| + static int already_warned = 0; |
| + int is_enabled = is_selinux_enabled() > 0; |
| + |
| + if (is_enabled && !already_warned) { |
| + security_context_t con; |
| + |
| + if (getcon(&con) == 0) { |
| + |
| + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, |
| + "SELinux policy enabled; " |
| + "httpd running as context %s", con); |
| + |
| + already_warned = 1; |
| + |
| + freecon(con); |
| + } |
| + } |
| + } |
| +#endif |
| + |
| return OK; |
| } |
| |