AC_DEFUN([AC_FPM_APPARMOR],
[
- AC_MSG_CHECKING([for apparmor])
-
- SAVED_LIBS="$LIBS"
- LIBS="$LIBS -lapparmor"
-
- AC_TRY_LINK([ #include <sys/apparmor.h> ], [change_hat("test", 0);], [
- AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?])
- AC_MSG_RESULT([yes])
- ], [
- LIBS="$SAVED_LIBS"
- AC_MSG_RESULT([no])
- ])
+ AC_MSG_CHECKING([for apparmor])
+
+ SAVED_LIBS="$LIBS"
+ LIBS="$LIBS -lapparmor"
+
+ AC_TRY_LINK([ #include <sys/apparmor.h> ], [change_hat("test", 0);], [
+ AC_DEFINE([HAVE_APPARMOR], 1, [do we have apparmor support?])
+ AC_MSG_RESULT([yes])
+ ], [
+ LIBS="$SAVED_LIBS"
+ AC_MSG_RESULT([no])
+ ])
])
AC_FPM_TRACE
AC_FPM_BUILTIN_ATOMIC
AC_FPM_LQ
- AC_FPM_SYSCONF
- AC_FPM_TIMES
- AC_FPM_KQUEUE
- AC_FPM_PORT
- AC_FPM_DEVPOLL
- AC_FPM_EPOLL
- AC_FPM_POLL
- AC_FPM_SELECT
- AC_FPM_APPARMOR
+ AC_FPM_SYSCONF
+ AC_FPM_TIMES
+ AC_FPM_KQUEUE
+ AC_FPM_PORT
+ AC_FPM_DEVPOLL
+ AC_FPM_EPOLL
+ AC_FPM_POLL
+ AC_FPM_SELECT
+ AC_FPM_APPARMOR
PHP_ARG_WITH(fpm-user,,
[ --with-fpm-user[=USER] Set the user for php-fpm to run as. (default: nobody)], nobody, no)
.test_successful = 0,
.heartbeat = 0,
.run_as_root = 0,
- .force_stderr = 0,
+ .force_stderr = 0,
.send_config_pipe = {0, 0},
};
fpm_globals.prefix = prefix;
fpm_globals.pid = pid;
fpm_globals.run_as_root = run_as_root;
- fpm_globals.force_stderr = force_stderr;
+ fpm_globals.force_stderr = force_stderr;
if (0 > fpm_php_init_main() ||
0 > fpm_stdio_init_main() ||
int test_successful;
int heartbeat;
int run_as_root;
- int force_stderr;
+ int force_stderr;
int send_config_pipe[2];
};
{ "catch_workers_output", &fpm_conf_set_boolean, WPO(catch_workers_output) },
{ "security.limit_extensions", &fpm_conf_set_string, WPO(security_limit_extensions) },
#ifdef HAVE_APPARMOR
- { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) },
+ { "apparmor_hat", &fpm_conf_set_string, WPO(apparmor_hat) },
#endif
{ 0, 0, 0 }
};
free(wpc->chdir);
free(wpc->security_limit_extensions);
#ifdef HAVE_APPARMOR
- free(wpc->apparmor_hat);
+ free(wpc->apparmor_hat);
#endif
for (kv = wpc->php_values; kv; kv = kv_next) {
struct key_value_s *php_admin_values;
struct key_value_s *php_values;
#ifdef HAVE_APPARMOR
- char *apparmor_hat;
+ char *apparmor_hat;
#endif
};
{'R', 0, "allow-to-run-as-root"},
{'D', 0, "daemonize"},
{'F', 0, "nodaemonize"},
- {'O', 0, "force-stderr"},
+ {'O', 0, "force-stderr"},
{'-', 0, NULL} /* end of args */
};
char *fpm_pid = NULL;
int test_conf = 0;
int force_daemon = -1;
- int force_stderr = 0;
+ int force_stderr = 0;
int php_information = 0;
int php_allow_to_run_as_root = 0;
force_daemon = 0;
break;
- case 'O': /* force stderr even on non tty */
- force_stderr = 1;
- break;
+ case 'O': /* force stderr even on non tty */
+ force_stderr = 1;
+ break;
default:
case 'h':
}
#ifdef HAVE_APPARMOR
- if (wp->config->apparmor_hat) {
- char *con, *new_con;
- if (aa_getcon(&con, NULL) == -1) {
- zlog(ZLOG_SYSERROR, "[pool %s] failed to query apparmor confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name);
- return -1;
- }
- new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte
- if (!new_con) {
- zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name);
- return -1;
- }
- if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {
- zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);
- return -1;
- }
- if (0 > aa_change_profile(new_con)) {
- zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con);
- return -1;
- }
- free(con);
- free(new_con);
- }
+ if (wp->config->apparmor_hat) {
+ char *con, *new_con;
+
+ if (aa_getcon(&con, NULL) == -1) {
+ zlog(ZLOG_SYSERROR, "[pool %s] failed to query apparmor confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name);
+ return -1;
+ }
+
+ new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte
+ if (!new_con) {
+ zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name);
+ return -1;
+ }
+
+ if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {
+ zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);
+ return -1;
+ }
+
+ if (0 > aa_change_profile(new_con)) {
+ zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con);
+ return -1;
+ }
+
+ free(con);
+ free(new_con);
+ }
#endif
return 0;
projects / php / commitdiff