diff options
author | 2019-04-15 11:39:38 +0800 | |
---|---|---|
committer | 2019-04-16 21:07:25 -0700 | |
commit | fd526d60d4b3842f1d21adbc2c1bb1492edadd48 (patch) | |
tree | 2455d57dddc62db8dca5bec2c7e8ec14f4ff95ae /meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch | |
parent | b15a7358c65c4a7960dee3844f07bb6c5e289f32 (diff) | |
download | meta-openembedded-contrib-fd526d60d4b3842f1d21adbc2c1bb1492edadd48.tar.gz |
apache2: upgrade 2.4.34 -> 2.4.39
* Drop apache2-native recipe.
Add native to BBCLASSEXTEND in apache2 recipe.
* Refresh patches.
Drop CVE-2018-11763.patch and apache-configure_perlbin.patch
* Cleanup recipe file. Remove obsolete code.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch')
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch new file mode 100644 index 0000000000..78a04d9af4 --- /dev/null +++ b/meta-webserver/recipes-httpd/apache2/apache2/0004-apache2-log-the-SELinux-context-at-startup.patch @@ -0,0 +1,79 @@ +From dfa834ebd449df299f54e98f0fb3a7bb4008fb03 Mon Sep 17 00:00:00 2001 +From: Paul Eggleton <paul.eggleton@linux.intel.com> +Date: Tue, 17 Jul 2012 11:27:39 +0100 +Subject: [PATCH] Log the SELinux context at startup. + +Log the SELinux context at startup. + +Upstream-Status: Inappropriate [other] + +Note: unlikely to be any interest in this upstream + +--- + configure.in | 5 +++++ + server/core.c | 26 ++++++++++++++++++++++++++ + 2 files changed, 31 insertions(+) + +diff --git a/configure.in b/configure.in +index dc6ea15..caa6f54 100644 +--- a/configure.in ++++ b/configure.in +@@ -466,6 +466,11 @@ getloadavg + dnl confirm that a void pointer is large enough to store a long integer + APACHE_CHECK_VOID_PTR_LEN + ++AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) ++ APR_ADDTO(AP_LIBS, [-lselinux]) ++]) ++ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include <unistd.h> +diff --git a/server/core.c b/server/core.c +index 7aa841f..79f34db 100644 +--- a/server/core.c ++++ b/server/core.c +@@ -59,6 +59,10 @@ + #include <unistd.h> + #endif + ++#ifdef HAVE_SELINUX ++#include <selinux/selinux.h> ++#endif ++ + /* LimitRequestBody handling */ + #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) + #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) +@@ -4984,6 +4988,28 @@ static int core_post_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *pte + } + #endif + ++#ifdef HAVE_SELINUX ++ { ++ static int already_warned = 0; ++ int is_enabled = is_selinux_enabled() > 0; ++ ++ if (is_enabled && !already_warned) { ++ security_context_t con; ++ ++ if (getcon(&con) == 0) { ++ ++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL, ++ "SELinux policy enabled; " ++ "httpd running as context %s", con); ++ ++ already_warned = 1; ++ ++ freecon(con); ++ } ++ } ++ } ++#endif ++ + return OK; + } + +-- +2.7.4 + |