1From e47cc405eadcbe37a579c375e824e20a5c53bfad Mon Sep 17 00:00:00 2001 2From: Paul Eggleton <paul.eggleton@linux.intel.com> 3Date: Tue, 17 Jul 2012 11:27:39 +0100 4Subject: [PATCH] Log the SELinux context at startup. 5 6Log the SELinux context at startup. 7 8Upstream-Status: Inappropriate [other] 9 10Note: unlikely to be any interest in this upstream 11 12--- 13 configure.in | 5 +++++ 14 server/core.c | 26 ++++++++++++++++++++++++++ 15 2 files changed, 31 insertions(+) 16 17diff --git a/configure.in b/configure.in 18index ea6cec3..92b74b7 100644 19--- a/configure.in 20+++ b/configure.in 21@@ -491,6 +491,11 @@ getloadavg 22 dnl confirm that a void pointer is large enough to store a long integer 23 APACHE_CHECK_VOID_PTR_LEN 24 25+AC_CHECK_LIB(selinux, is_selinux_enabled, [ 26+ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) 27+ APR_ADDTO(AP_LIBS, [-lselinux]) 28+]) 29+ 30 AC_CACHE_CHECK([for gettid()], ac_cv_gettid, 31 [AC_TRY_RUN(#define _GNU_SOURCE 32 #include <unistd.h> 33diff --git a/server/core.c b/server/core.c 34index 4da7209..d3ca25b 100644 35--- a/server/core.c 36+++ b/server/core.c 37@@ -65,6 +65,10 @@ 38 #include <unistd.h> 39 #endif 40 41+#ifdef HAVE_SELINUX 42+#include <selinux/selinux.h> 43+#endif 44+ 45 /* LimitRequestBody handling */ 46 #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) 47 #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */ 48@@ -5126,6 +5130,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte 49 } 50 #endif 51 52+#ifdef HAVE_SELINUX 53+ { 54+ static int already_warned = 0; 55+ int is_enabled = is_selinux_enabled() > 0; 56+ 57+ if (is_enabled && !already_warned) { 58+ security_context_t con; 59+ 60+ if (getcon(&con) == 0) { 61+ 62+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, 63+ "SELinux policy enabled; " 64+ "httpd running as context %s", con); 65+ 66+ already_warned = 1; 67+ 68+ freecon(con); 69+ } 70+ } 71+ } 72+#endif 73+ 74 return OK; 75 } 76 77