I filed an entry on the bugzilla:

* Bug 47021 - A new MPM (security) and mod_selinux module
  https://issues.apache.org/bugzilla/show_bug.cgi?id=47021

It is the first time for me to submit patches in the community, so please tell me if I did anything in an incorrect manner.

Thanks,

KaiGai Kohei wrote:
> KaiGai Kohei wrote:
>> Stefan Fritsch wrote:
>>> On Thursday 09 April 2009, Graham Dumpleton wrote:
>>>> Only you would know that. But then, I could be pointing you at the
>>>> wrong MPM. There is from memory another by another name developed
>>>> outside of ASF which intends to do the same thing. The way it is
>>>> implemented is probably going to be different and may be the one I
>>>> am actually thinking of. I can't remember the name of it right now.
>>> Maybe you mean MPM itk, which can change to different users for
>>> different vhosts?
>>>
>>> http://mpm-itk.sesse.net/
>> Thanks for your information.
>>
>> It is designed on the prefork. It makes a child process for each
>> connection to call ap_process_connection() in a separate context,
>> and the parent waits for the completion of this.
>> In addition, it assigns the configured uid/gid on the header_parser hook,
>> then the content handlers are invoked.
>>
>> It seems to me that we can share its basic idea and design.
>> The mpm-itk also has two separable functionalities:
>> 1. it makes a process for each connection.
>> 2. it assigns privileges to a process.
>>
>> I believe we are now in the right direction.
>
> At first, I planned to implement a new mpm from scratch, but I
> reconsidered that it may be a burden for the reviewers, so the attached
> patch is implemented as an enhancement of the latest prefork.
> (I guess it is a preferable manner.)
>
> The first attached patch adds a new "security" mpm which makes it possible
> to launch a new process for each connection, and gives external modules a
> chance to assign appropriate privileges. The newly spawned process
> is always one-time purpose, because SELinux does not allow reverting
> its privileges.
>
> The second patch is an implementation of the mod_selinux module which
> assigns the working process a security context based on the authentication
> process at the fixups hook, prior to invocation of the content handler.
>
> Steps to apply the patches:
> % svn co http://svn.apache.org/repos/asf/httpd/httpd/trunk httpd-devel
> % cd httpd-devel
> % mkdir -p server/mpm/security
> % cp -f server/mpm/prefork/prefork.c server/mpm/security
> % cp -f server/mpm/prefork/mpm_default.h server/mpm/security
> % cat ~/apache-httpd-security-mpm.1.patch | patch -p1
> % cat ~/apache-httpd-mod_selinux.1.patch | patch -p1
>
> (*) The attached patch contains only differences from the prefork.
>
> I would like to push this kind of feature to the upstream httpd
> eventually. If you have any suggestion, please feel free to comment.
>
> Thanks,
> --
> OSS Platform Development Division, NEC
> KaiGai Kohei <[email protected]>
