summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2018-02-26 12:17:22 +1100
committerDamien Miller <djm@mindrot.org>2018-02-26 12:17:22 +1100
commitbda709b8e13d3eef19e69c2d1684139e3af728f5 (patch)
treef0651d7bbad8c6e3cc18c899fd2dde11ea2b426d
parent2e396439365c4ca352cac222717d09b14f8a0dfd (diff)
avoid inclusion of deprecated selinux/flask.h
Use string_to_security_class() instead.
-rw-r--r--openbsd-compat/port-linux.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index e4c5d1b7c..8c5325cc3 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -33,7 +33,6 @@
33 33
34#ifdef WITH_SELINUX 34#ifdef WITH_SELINUX
35#include <selinux/selinux.h> 35#include <selinux/selinux.h>
36#include <selinux/flask.h>
37#include <selinux/get_context_list.h> 36#include <selinux/get_context_list.h>
38 37
39#ifndef SSH_SELINUX_UNCONFINED_TYPE 38#ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
139 security_context_t new_tty_ctx = NULL; 138 security_context_t new_tty_ctx = NULL;
140 security_context_t user_ctx = NULL; 139 security_context_t user_ctx = NULL;
141 security_context_t old_tty_ctx = NULL; 140 security_context_t old_tty_ctx = NULL;
141 security_class_t chrclass;
142 142
143 if (!ssh_selinux_enabled()) 143 if (!ssh_selinux_enabled())
144 return; 144 return;
@@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
153 error("%s: getfilecon: %s", __func__, strerror(errno)); 153 error("%s: getfilecon: %s", __func__, strerror(errno));
154 goto out; 154 goto out;
155 } 155 }
156 156 if ((chrclass = string_to_security_class("chr_file")) == 0) {
157 error("%s: couldn't get security class for chr_file", __func__);
158 goto out;
159 }
157 if (security_compute_relabel(user_ctx, old_tty_ctx, 160 if (security_compute_relabel(user_ctx, old_tty_ctx,
158 SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { 161 chrclass, &new_tty_ctx) != 0) {
159 error("%s: security_compute_relabel: %s", 162 error("%s: security_compute_relabel: %s",
160 __func__, strerror(errno)); 163 __func__, strerror(errno));
161 goto out; 164 goto out;