| |
@@ -1,24 +1,22 @@
|
| |
diff --git a/configure.in b/configure.in
|
| |
index 74015ca..8c0ee10 100644
|
| |
- --- a/configure.in
|
| |
- +++ b/configure.in
|
| |
- @@ -508,6 +508,11 @@ getloadavg
|
| |
- dnl confirm that a void pointer is large enough to store a long integer
|
| |
- APACHE_CHECK_VOID_PTR_LEN
|
| |
-
|
| |
- +AC_CHECK_LIB(selinux, is_selinux_enabled, [
|
| |
- + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
|
| |
- + APR_ADDTO(HTTPD_LIBS, [-lselinux])
|
| |
- +])
|
| |
- +
|
| |
- AC_CACHE_CHECK([for gettid()], ac_cv_gettid,
|
| |
- [AC_TRY_RUN(#define _GNU_SOURCE
|
| |
- #include <unistd.h>
|
| |
- diff --git a/server/core.c b/server/core.c
|
| |
- index a6fa2fb..cf4cba4 100644
|
| |
- --- a/server/core.c
|
| |
- +++ b/server/core.c
|
| |
- @@ -65,6 +65,10 @@
|
| |
+ --- httpd-2.4.54/modules/arch/unix/config5.m4.selinux
|
| |
+ +++ httpd-2.4.54/modules/arch/unix/config5.m4
|
| |
+ @@ -23,6 +23,11 @@
|
| |
+ AC_MSG_WARN([Your system does not support systemd.])
|
| |
+ enable_systemd="no"
|
| |
+ else
|
| |
+ + AC_CHECK_LIB(selinux, is_selinux_enabled, [
|
| |
+ + AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported])
|
| |
+ + APR_ADDTO(MOD_SYSTEMD_LDADD, [-lselinux])
|
| |
+ + ])
|
| |
+ +
|
| |
+ APR_ADDTO(MOD_SYSTEMD_LDADD, [$SYSTEMD_LIBS])
|
| |
+ fi
|
| |
+ ])
|
| |
+ --- httpd-2.4.54/modules/arch/unix/mod_systemd.c.selinux
|
| |
+ +++ httpd-2.4.54/modules/arch/unix/mod_systemd.c
|
| |
+ @@ -35,6 +35,10 @@
|
| |
#include <unistd.h>
|
| |
#endif
|
| |
|
| |
@@ -26,35 +24,38 @@
|
| |
+#include <selinux/selinux.h>
|
| |
+#endif
|
| |
+
|
| |
- /* LimitRequestBody handling */
|
| |
- #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1)
|
| |
- #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 1<<30) /* 1GB */
|
| |
- @@ -5150,6 +5154,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte
|
| |
- }
|
| |
- #endif
|
| |
+ APR_DECLARE_OPTIONAL_FN(int,
|
| |
+ ap_find_systemd_socket, (process_rec *, apr_port_t));
|
| |
+
|
| |
+ @@ -70,6 +74,20 @@
|
| |
+ return apr_psprintf(p, "%s port %u", addr, sa->port);
|
| |
+ }
|
| |
|
| |
+#ifdef HAVE_SELINUX
|
| |
- + {
|
| |
- + static int already_warned = 0;
|
| |
- + int is_enabled = is_selinux_enabled() > 0;
|
| |
- +
|
| |
- + if (is_enabled && !already_warned) {
|
| |
- + security_context_t con;
|
| |
- +
|
| |
- + if (getcon(&con) == 0) {
|
| |
- +
|
| |
- + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
| |
- + "SELinux policy enabled; "
|
| |
- + "httpd running as context %s", con);
|
| |
- +
|
| |
- + already_warned = 1;
|
| |
- +
|
| |
- + freecon(con);
|
| |
- + }
|
| |
- + }
|
| |
+ +static void log_selinux_context(void)
|
| |
+ +{
|
| |
+ + char *con;
|
| |
+ +
|
| |
+ + if (is_selinux_enabled() && getcon(&con) == 0) {
|
| |
+ + ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
|
| |
+ + "SELinux policy enabled; "
|
| |
+ + "httpd running as context %s", con);
|
| |
+ + freecon(con);
|
| |
+ }
|
| |
+ +}
|
| |
+#endif
|
| |
+
|
| |
- return OK;
|
| |
- }
|
| |
+ /* Report the service is ready in post_config, which could be during
|
| |
+ * startup or after a reload. The server could still hit a fatal
|
| |
+ * startup error after this point during ap_run_mpm(), so this is
|
| |
+ @@ -87,6 +105,10 @@
|
| |
+ if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_PRE_CONFIG)
|
| |
+ return OK;
|
| |
+
|
| |
+ +#ifdef HAVE_SELINUX
|
| |
+ + log_selinux_context();
|
| |
+ +#endif
|
| |
+ +
|
| |
+ for (lr = ap_listeners; lr; lr = lr->next) {
|
| |
+ char *s = dump_listener(lr, ptemp);
|
| |
|
| |
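Review bot: In the added log_selinux_context() for mod_systemd.c, the test `if (is_selinux_enabled() && getcon(&con) == 0) {` treats any non-zero return as "enabled", whereas the core.c version this patch replaces compared `is_selinux_enabled() > 0`. If the libselinux in use can return a negative value on error (some versions document -1), the "SELinux policy enabled" notice would be logged when the state is unknown, which misleads anyone auditing confinement from the error log. I would keep the stricter form, `if (is_selinux_enabled() > 0 && getcon(&con) == 0) {`. The static `already_warned` guard is also gone, so the notice presumably repeats on every post_config pass that gets past the pre-config check, such as a reload; if that is intended, a one-line comment above the call such as `/* logged on every (re)load so the current context is always in the log */` would record it.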