context at startup, since this may vary when httpd is started via
systemd vs being started directly.
* modules/arch/unix/mod_systemd.c (systemd_post_config):
Do nothing for the pre-config iteration.
Log the SELinux context if available.
* modules/arch/unix/config5.m4: Detect libselinux.
Have at least one CI job build mod_systemd.
Github: closes#422
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916344 13f79535-47bb-0310-9956-ffa450edef68
Until this change httpd was linking libsystemd to the main httpd binary. If you want to run lightweight version of httpd in container, sometimes you just want to install
httpd binary with as little dependencies as possible to make container small in size and do not pull uncencessary dependencies and libraries.
This change will move all systemd library calls from listen.c to mod_systemd module and remove systemd linking from the main httpd bin.
Fixed mixed declaration and wrongly declared variable.
Submitted by: Luboš Uhliarik <luhliari redhat.com>
Github: closes#312
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899784 13f79535-47bb-0310-9956-ffa450edef68
give more feedback to systemd during a reload.
* modules/arch/unix/mod_systemd.c (systemd_pre_config): New
function; tell systemd the service is reloading here.
(systemd_pre_mpm): Don't set ap_extended_status here, do nothing
if ExtendedStatus is off.
(register_hooks): Register pre_config hook.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1802251 13f79535-47bb-0310-9956-ffa450edef68
autoconf warnings; define HAVE_SYSTEMD rather than using CPPFLAGS.
* server/listen.c: Use HAVE_SYSTEMD for systemd #define.
* modules/arch/unix/config5.m4: Update systemd headers check.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1528032 13f79535-47bb-0310-9956-ffa450edef68
mod_systemd: Specify "all" instead of "yes" (on Unix) so that APACHE_MODULE doesn't
act as if the user requested it.
General: Fix APACHE_MODULE so that failed prereqs will disable a module unless the
user requested it explicitly.
Result: By default systemd will be enabled where it actually works and disabled otherwise,
but if the user requests it and the prereqs fail then configure will halt.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1396440 13f79535-47bb-0310-9956-ffa450edef68
weaker set of privileges than the full setuid/setgid root binary.
* configure.in: Add --enable-suexec-capabilites flag.
* Makefile.in: If configured, use setcap instead of chmod 7555 on
installed suexec binary.
* modules/arch/unix/mod_unixd.c (unixd_pre_config): Drop test for
setuid bit if capability bits are used.
* docs/manual/: Add docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1342065 13f79535-47bb-0310-9956-ffa450edef68
from the parsed (or default) config. This is useful for init scripts that
need to setup temporary directories and permissions, for example if those
temporary directories are located on a ram disk.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1180681 13f79535-47bb-0310-9956-ffa450edef68
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On). Change SuexecUserGroup to fail
startup instead of just printing a warning if suEXEC is disabled.
Additionally, ap_unixd_config.suexec_disabled_reason has a message,
suitable for logging/messaging, explaining why the feature isn't
available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1033519 13f79535-47bb-0310-9956-ffa450edef68
. axe --with-mpm="shared" hack, replace with --enable-mpms-shared={all|list}
. replace singular MPM_NAME with access to the list of enabled MPMs
. replace singular MPM_SUBDIR with list MPM_SUBDIRS
. enable OS/2 MPM in same manner as others with configure support instead of
hard-coding in configure.in
Current state: MPMs are built as static archives (but not linked to httpd) with
--enable-mpms-shared, so they still have to be built with apxs to load
dynamically.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@832228 13f79535-47bb-0310-9956-ffa450edef68
mode to fork an unprivileged child per-request in the manner of MPM-ITK
anwhere there's a risk of running malicious code.
Documentation to follow.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@771144 13f79535-47bb-0310-9956-ffa450edef68
linked-in mod_unixd.c to handle that.
(The set of MPMs modified is the same set for which mod_unixd is enabled,
which is approximately equivalent to the set of Unix MPMs which anybody has
tried to maintain in recent memory.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@758278 13f79535-47bb-0310-9956-ffa450edef68
MPMs no longer provide those definitions
(the signal server support is an interesting problem, since it has to be known before loading
loading the MPM)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@758014 13f79535-47bb-0310-9956-ffa450edef68
--with-mpm=shared
on configure. When built thusly, an MPM should be loaded via LoadModule.
(Currently you need to build the MPM with apxs.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@757999 13f79535-47bb-0310-9956-ffa450edef68
If someone wants to find a better place for it, then feel free to
so so only if you compile with -Werror before committing.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@739151 13f79535-47bb-0310-9956-ffa450edef68
