httpd-dev mailing list archives

From KaiGai Kohei <>
Subject [PATCH 47021] A new MPM (security) and mod_selinux module
Date Tue, 14 Apr 2009 08:38:41 GMT
I filed an entry on the bugzilla:
  * Bug 47021 - A new MPM (security) and mod_selinux module

It is the first time for me to submit patches to the community;
please tell me if I have done something in an incorrect manner.


KaiGai Kohei wrote:
> KaiGai Kohei wrote:
>> Stefan Fritsch wrote:
>>> On Thursday 09 April 2009, Graham Dumpleton wrote:
>>>> Only you would know that. But then, I could be pointing you at the
>>>> wrong MPM. There is from memory another by another name developed
>>>> outside of ASF which intends to do the same thing. The way it is
>>>> implemented is probably going to be different and may be the one I
>>>> am actually thinking of. I can't remember the name of it right now.
>>> Maybe you mean MPM itk, which can change to different users for 
>>> different vhosts?
>> Thanks for your information.
>> It is designed on the prefork. It makes a child process for each
>> connection to call ap_process_connection() in separated context,
>> and the parent waits for the completion of this.
>> In addition, it assigns configured uid/gid on the header_parser hook,
>> then contents handlers are invoked.
>> It seems to me that we can share its basic idea and design.
>> The mpm-itk also has two separable functionalities:
>>  1. it makes a process for each connection.
>>  2. it assigns privileges on a process.
>> I believe we are now in the right direction.
> At first, I planned to implement a new mpm from scratch, but I
> reconsidered that it may be a burden for the reviewers, so the attached
> patch is implemented as an enhancement of the latest prefork.
> (I guess it is a preferable manner.)
> The first attached patch adds a new "security" mpm which makes it
> possible to launch a new process for each connection, and gives external
> modules a chance to assign appropriate privileges. The newly spawned
> process is always one-time purpose, because SELinux does not allow
> reverting its privileges.
> The second patch is an implementation of the mod_selinux module which
> assigns the working process a security context based on the
> authentication process at the fixups hook, prior to invocation of the
> content handler.
>   Steps to apply the patches:
>   % svn co httpd-devel
>   % cd httpd-devel
>   % mkdir -p server/mpm/security
>   % cp -f server/mpm/prefork/prefork.c server/mpm/security
>   % cp -f server/mpm/prefork/mpm_default.h server/mpm/security
>   % cat ~/apache-httpd-security-mpm.1.patch | patch -p1
>   % cat ~/apache-httpd-mod_selinux.1.patch | patch -p1
>   (*) The attached patch contains only differences from the prefork.
> I would like to push this kind of feature into upstream httpd
> eventually. If you have any suggestions, please feel free to comment.
> Thanks,

OSS Platform Development Division, NEC
KaiGai Kohei <>
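The design discussed in the message above, as an added stand-alone illustration that is not part of the patches or of Apache httpd: the parent forks a fresh process for every connection, the child lowers its own privileges once, serves the request and exits, and the parent waits for it. A UNIX socketpair stands in for the client connection, and a uid/gid drop via setgid()/setuid() stands in for the SELinux context switch that mod_selinux would perform (a real module would call libselinux's setcon() at that point). The uid 65534 used when started as root is an assumed "nobody" uid; the request string is a constructed sample.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_UID 65534  /* assumed "nobody" uid on most Linux systems */

/* Drop to the target uid/gid in the per-connection child and confirm the
 * change cannot be undone.  Returns 0 on success, -1 if the drop failed or
 * could be reverted.  This is the property that forces the child to be
 * one-shot: a process that cannot regain privilege cannot be reused. */
int drop_privileges_irreversibly(uid_t uid, gid_t gid)
{
    if (getuid() == 0) {
        /* Only root needs (and is able) to shed supplementary groups. */
        if (setgroups(0, NULL) != 0) return -1;
    }
    if (setgid(gid) != 0) return -1;   /* gid first, while still privileged */
    if (setuid(uid) != 0) return -1;
    /* Regaining root must now fail; if it succeeds the drop was not real. */
    if (setuid(0) == 0) return -1;
    return 0;
}

/* Serve one request in the already-lowered child.  The reply records the
 * uid that actually handled it so the parent can verify the drop. */
static void handle_request(int conn_fd)
{
    char req[128], resp[192];
    ssize_t n = read(conn_fd, req, sizeof req - 1);
    if (n <= 0) _exit(2);
    req[n] = '\0';
    int len = snprintf(resp, sizeof resp, "served '%s' as uid %u",
                       req, (unsigned)getuid());
    if (write(conn_fd, resp, (size_t)len) < 0) _exit(3);
}

/* Parent side of the pattern: fork a child for this connection, let it drop
 * privileges, serve and exit, then wait for it.  Returns the child's exit
 * status (0 = served with privileges dropped), or -1 on fork/wait failure. */
int serve_connection_in_child(int conn_fd, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges_irreversibly(uid, gid) != 0) _exit(1);
        handle_request(conn_fd);
        _exit(0);  /* one-shot: the child never returns to a pool */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Push one constructed request through a simulated connection.  Fills
 * `out` with the child's reply and returns the child's exit status. */
int run_demo(char *out, size_t outlen)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    /* Target identity: "nobody" when started as root, otherwise our own
     * uid/gid (a no-op drop, but the irreversibility check still applies). */
    uid_t uid = getuid() == 0 ? (uid_t)UNPRIV_UID : getuid();
    gid_t gid = getuid() == 0 ? (gid_t)UNPRIV_UID : getgid();

    const char *request = "GET /index.html";  /* constructed sample request */
    if (write(sv[0], request, strlen(request)) < 0) return -1;

    int rc = serve_connection_in_child(sv[1], uid, gid);
    close(sv[1]);
    ssize_t n = read(sv[0], out, outlen - 1);
    close(sv[0]);
    if (n < 0) return -1;
    out[n] = '\0';
    return rc;
}

int main(void)
{
    char reply[192];
    int rc = run_demo(reply, sizeof reply);
    printf("child exit status %d: %s\n", rc, reply);
    return rc == 0 ? 0 : 1;
}
```

Run as an ordinary user the drop is to the caller's own identity and the check only proves root cannot be regained; run as root it drops to uid 65534 and the same check shows the child is stuck there, which is exactly why the message insists the spawned process must be single-use.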
