summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-01-02 00:48:04 +0000
committerColin Watson <cjwatson@debian.org>2010-01-02 00:48:04 +0000
commitc4ee4042fcb3bfa23696ad73a6319363cd625740 (patch)
treecc264727972f7f4620c5872b54b5cd1aeca9f483
parent9649a8bd3d181cff206116ce59059d004a1a7c75 (diff)
Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
#556644).
-rw-r--r--debian/changelog2
-rw-r--r--session.c8
2 files changed, 6 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index e0bc80ef2..0b688f8ca 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -33,6 +33,8 @@ openssh (1:5.2p1-1) UNRELEASED; urgency=low
33 * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951). 33 * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
34 * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields. 34 * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
35 * Add debian/README.source with instructions on bzr handling. 35 * Add debian/README.source with instructions on bzr handling.
36 * Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
37 #556644).
36 38
37 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000 39 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000
38 40
diff --git a/session.c b/session.c
index f2549e0cd..f296e9f10 100644
--- a/session.c
+++ b/session.c
@@ -1529,6 +1529,10 @@ do_setusercontext(struct passwd *pw)
1529# endif /* USE_LIBIAF */ 1529# endif /* USE_LIBIAF */
1530#endif 1530#endif
1531 1531
1532#ifdef WITH_SELINUX
1533 ssh_selinux_setup_exec_context(pw->pw_name);
1534#endif
1535
1532 if (options.chroot_directory != NULL && 1536 if (options.chroot_directory != NULL &&
1533 strcasecmp(options.chroot_directory, "none") != 0) { 1537 strcasecmp(options.chroot_directory, "none") != 0) {
1534 tmp = tilde_expand_filename(options.chroot_directory, 1538 tmp = tilde_expand_filename(options.chroot_directory,
@@ -1556,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
1556#endif 1560#endif
1557 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) 1561 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
1558 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); 1562 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
1559
1560#ifdef WITH_SELINUX
1561 ssh_selinux_setup_exec_context(pw->pw_name);
1562#endif
1563} 1563}
1564 1564
1565static void 1565static void