1From abd5b40c9b094e721e91a5d75132639149d7952f Mon Sep 17 00:00:00 2001
2From: Paul Eggleton <paul.eggleton@linux.intel.com>
3Date: Tue, 17 Jul 2012 11:27:39 +0100
4Subject: [PATCH] Log the SELinux context at startup.
5
6Log the SELinux context at startup.
7
8Upstream-Status: Inappropriate [other]
9
10Note: unlikely to be any interest in this upstream
11---
12 configure.in | 5 +++++
13 server/core.c | 26 ++++++++++++++++++++++++++
14 2 files changed, 31 insertions(+)
15
16diff --git a/configure.in b/configure.in
17index ea6cec3..92b74b7 100644
18--- a/configure.in
19+++ b/configure.in
20@@ -491,6 +491,11 @@ getloadavg
21 dnl confirm that a void pointer is large enough to store a long integer
22 APACHE_CHECK_VOID_PTR_LEN
23
24+AC_CHECK_LIB(selinux, is_selinux_enabled, [
25+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
26+ APR_ADDTO(AP_LIBS, [-lselinux])
27+])
28+
29 AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
30 [AC_TRY_RUN(#define _GNU_SOURCE
31 #include <unistd.h>
32diff --git a/server/core.c b/server/core.c
33index 4da7209..d3ca25b 100644
34--- a/server/core.c
35+++ b/server/core.c
36@@ -65,6 +65,10 @@
37 #include <unistd.h>
38 #endif
39
40+#ifdef HAVE_SELINUX
41+#include <selinux/selinux.h>
42+#endif
43+
44 /* LimitRequestBody handling */
45 #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
46 #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
47@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
48 }
49 #endif
50
51+#ifdef HAVE_SELINUX
52+ {
53+ static int already_warned = 0;
54+ int is_enabled = is_selinux_enabled() > 0;
55+
56+ if (is_enabled && !already_warned) {
57+ security_context_t con;
58+
59+ if (getcon(&con) == 0) {
60+
61+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
62+ "SELinux policy enabled; "
63+ "httpd running as context %s", con);
64+
65+ already_warned = 1;
66+
67+ freecon(con);
68+ }
69+ }
70+ }
71+#endif
72+
73 return OK;
74 }
75
76--
772.25.1
78
79
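Review bot: The `AC_CHECK_LIB(selinux, is_selinux_enabled, ...)` probe in configure.in is unconditional and tests only the library, so `HAVE_SELINUX` and `-lselinux` are picked up whenever libselinux happens to be present in the build environment. `server/core.c` then includes `selinux/selinux.h` although configure never verified that the header exists. Gating the probe behind an explicit configure switch and wrapping the `AC_DEFINE` in `AC_CHECK_HEADERS([selinux/selinux.h], ...)` would make the dependency deterministic and move a missing-header failure from compile time to configure time.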
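Review bot: In the `#ifdef HAVE_SELINUX` block added to core_post_config, a failing `getcon()` is silent: nothing is logged and `already_warned` stays 0, so the startup log looks the same as on a host with SELinux disabled. Since the point of the patch is an audit line, add an else branch such as `ap_log_error(APLOG_MARK, APLOG_WARNING, apr_get_os_error(), NULL, "SELinux policy enabled; getcon() failed");`. Separately, `security_context_t` is deprecated in newer libselinux releases; declaring `char *con;` compiles against both old and new headers. The function's signature and the rest of its body lie outside the hunk, so whether a `server_rec` is available to pass instead of `NULL` should be checked there.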