diff options
author | Damien Miller <djm@mindrot.org> | 2018-02-26 12:17:22 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-02-26 12:17:22 +1100 |
commit | bda709b8e13d3eef19e69c2d1684139e3af728f5 (patch) | |
tree | f0651d7bbad8c6e3cc18c899fd2dde11ea2b426d | |
parent | 2e396439365c4ca352cac222717d09b14f8a0dfd (diff) |
avoid inclusion of deprecated selinux/flask.h
Use string_to_security_class() instead.
-rw-r--r-- | openbsd-compat/port-linux.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index e4c5d1b7c..8c5325cc3 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c | |||
@@ -33,7 +33,6 @@ | |||
33 | 33 | ||
34 | #ifdef WITH_SELINUX | 34 | #ifdef WITH_SELINUX |
35 | #include <selinux/selinux.h> | 35 | #include <selinux/selinux.h> |
36 | #include <selinux/flask.h> | ||
37 | #include <selinux/get_context_list.h> | 36 | #include <selinux/get_context_list.h> |
38 | 37 | ||
39 | #ifndef SSH_SELINUX_UNCONFINED_TYPE | 38 | #ifndef SSH_SELINUX_UNCONFINED_TYPE |
@@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) | |||
139 | security_context_t new_tty_ctx = NULL; | 138 | security_context_t new_tty_ctx = NULL; |
140 | security_context_t user_ctx = NULL; | 139 | security_context_t user_ctx = NULL; |
141 | security_context_t old_tty_ctx = NULL; | 140 | security_context_t old_tty_ctx = NULL; |
141 | security_class_t chrclass; | ||
142 | 142 | ||
143 | if (!ssh_selinux_enabled()) | 143 | if (!ssh_selinux_enabled()) |
144 | return; | 144 | return; |
@@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) | |||
153 | error("%s: getfilecon: %s", __func__, strerror(errno)); | 153 | error("%s: getfilecon: %s", __func__, strerror(errno)); |
154 | goto out; | 154 | goto out; |
155 | } | 155 | } |
156 | 156 | if ((chrclass = string_to_security_class("chr_file")) == 0) { | |
157 | error("%s: couldn't get security class for chr_file", __func__); | ||
158 | goto out; | ||
159 | } | ||
157 | if (security_compute_relabel(user_ctx, old_tty_ctx, | 160 | if (security_compute_relabel(user_ctx, old_tty_ctx, |
158 | SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { | 161 | chrclass, &new_tty_ctx) != 0) { |
159 | error("%s: security_compute_relabel: %s", | 162 | error("%s: security_compute_relabel: %s", |
160 | __func__, strerror(errno)); | 163 | __func__, strerror(errno)); |
161 | goto out; | 164 | goto out; |