|
 |
110f0ad |
--- httpd-2.2.11/configure.in.selinux
|
|
|
110f0ad |
+++ httpd-2.2.11/configure.in
|
|
|
110f0ad |
@@ -412,6 +412,10 @@ getpgid
|
|
|
110f0ad |
dnl confirm that a void pointer is large enough to store a long integer
|
|
|
110f0ad |
APACHE_CHECK_VOID_PTR_LEN
|
|
|
110f0ad |
|
|
|
110f0ad |
+AC_CHECK_LIB(selinux, is_selinux_enabled, [
|
|
|
110f0ad |
+ APR_ADDTO(AP_LIBS, [-lselinux])
|
|
|
110f0ad |
+])
|
|
|
110f0ad |
+
|
|
|
110f0ad |
dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs
|
|
|
110f0ad |
AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff,
|
|
|
110f0ad |
[AC_TRY_COMPILE([#include <sys/types.h>
|
|
|
110f0ad |
--- httpd-2.2.11/server/core.c.selinux
|
|
|
110f0ad |
+++ httpd-2.2.11/server/core.c
|
|
|
96e0b33 |
@@ -51,6 +51,8 @@
|
|
|
96e0b33 |
|
|
|
96e0b33 |
#include "mod_so.h" /* for ap_find_loaded_module_symbol */
|
|
|
9d36ace |
|
|
|
9d36ace |
+#include <selinux/selinux.h>
|
|
|
9d36ace |
+
|
|
|
9d36ace |
/* LimitRequestBody handling */
|
|
|
9d36ace |
#define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
|
|
|
9d36ace |
#define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0)
|
|
|
110f0ad |
@@ -3796,6 +3798,26 @@ static int core_post_config(apr_pool_t *
|
|
|
9d36ace |
}
|
|
|
9d36ace |
#endif
|
|
|
9d36ace |
|
|
|
9d36ace |
+ {
|
|
|
9d36ace |
+ static int already_warned = 0;
|
|
|
9d36ace |
+ int is_enabled = is_selinux_enabled() > 0;
|
|
|
9d36ace |
+
|
|
|
96e0b33 |
+ if (is_enabled && !already_warned) {
|
|
|
9d36ace |
+ security_context_t con;
|
|
|
9d36ace |
+
|
|
|
9d36ace |
+ if (getcon(&con) == 0) {
|
|
|
9d36ace |
+
|
|
|
9d36ace |
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
|
|
9d36ace |
+ "SELinux policy enabled; "
|
|
|
9d36ace |
+ "httpd running as context %s", con);
|
|
|
9d36ace |
+
|
|
|
9d36ace |
+ already_warned = 1;
|
|
|
9d36ace |
+
|
|
|
9d36ace |
+ freecon(con);
|
|
|
9d36ace |
+ }
|
|
|
9d36ace |
+ }
|
|
|
9d36ace |
+ }
|
|
|
9d36ace |
+
|
|
|
9d36ace |
return OK;
|
|
|
9d36ace |
}
|
|
|
9d36ace |
|