File suphp-0.7.1-cagefs.patch of Package mod_suphp

Overview Repositories Revisions Requests Users Attributes Meta

File suphp-0.7.1-cagefs.patch of Package mod_suphp

diff --git a/configure.ac b/configure.ac
index 0a810b6..cdf7ea4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -170,6 +170,19 @@ AC_ARG_ENABLE([checkpath],
 	      ])
 
 
+# Cloudlinux LVE
+
+AC_ARG_ENABLE([lve], 
+              AC_HELP_STRING([--enable-lve],
+                             [Include CloudLinux LVE support]),
+              [
+               if test "$enableval" = "yes"; then
+                 AC_DEFINE(ENABLE_LVE, 1, [Define if you want LVE support])
+                 AC_CHECK_LIB([dl], [dlopen])
+               fi
+              ])
+
+
 # Minimum UID
 
 AC_ARG_WITH([min-uid], 
diff --git a/src/Application.cpp b/src/Application.cpp
index edb3409..0d6e34a 100644
--- a/src/Application.cpp
+++ b/src/Application.cpp
@@ -37,6 +37,11 @@
 
 #include "Application.hpp"
 
+#ifdef ENABLE_LVE
+#include <pwd.h>
+#include <dlfcn.h>
+#endif
+
 using namespace suPHP;
 
 
@@ -441,6 +446,29 @@ void suPHP::Application::changeProcessPermissions(
     throw (SystemException, SoftException, SecurityException) {
     API& api = API_Helper::getSystemAPI();
 
+#ifdef ENABLE_LVE
+#ifndef SECURELVE_MIN_UID
+#define SECURELVE_MIN_UID 100
+#endif
+    /* cagefs 2.0 suphp patch */
+    void *lib_handle = dlopen("liblve.so.0", RTLD_LAZY);
+    if (lib_handle) {
+        Logger& logger = API_Helper::getSystemAPI().getSystemLogger();
+        char *error; char error_msg[8192];   dlerror();    /* Clear any existing error */
+        int (*jail)(struct passwd *, int, char*) = (int (*)(passwd*, int, char*)) dlsym(lib_handle, "lve_jail_uid");
+        if ((error = dlerror()) != NULL) {
+            std::string err("Failed to init LVE library ");
+            err += error; logger.logWarning(err);
+            throw SoftException(err, __FILE__, __LINE__);
+        }
+        int result = jail(getpwuid(targetUser.getUid()), SECURELVE_MIN_UID, error_msg);
+        if (result < 0) {
+	         std::string err("CageFS jail error ");
+            err += error_msg; logger.logWarning(err);
+            throw SoftException(err, __FILE__, __LINE__);
+        }
+    }
+#endif
     // Set new group first, because we still need super-user privileges
     // for this
     api.setProcessGroup(targetGroup);

Places

File suphp-0.7.1-cagefs.patch of Package mod_suphp

Places