author | Colin Watson <cjwatson@debian.org> | 2010-01-02 00:48:04 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-01-02 00:48:04 +0000 |
commit | c4ee4042fcb3bfa23696ad73a6319363cd625740 (patch) | |
tree | cc264727972f7f4620c5872b54b5cd1aeca9f483 | |
parent | 9649a8bd3d181cff206116ce59059d004a1a7c75 (diff) |
Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
#556644).
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | session.c | 8 |
2 files changed, 6 insertions, 4 deletions
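--- a/debian/changelog
+++ b/debian/changelog
@@ -33,6 +33,8 @@ openssh (1:5.2p1-1) UNRELEASED; urgency=low
 * Use x11.pc when compiling/linking gnome-ssh-askpass2 (closes: #555951).
 * Moved to bzr.debian.org; add Vcs-Bzr and Vcs-Browser control fields.
 * Add debian/README.source with instructions on bzr handling.
+* Make ChrootDirectory work with SELinux (thanks, Russell Coker; closes:
+#556644).
 
 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000
 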
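--- a/session.c
+++ b/session.c
@@ -1529,6 +1529,10 @@ do_setusercontext(struct passwd *pw)
 # endif /* USE_LIBIAF */
 #endif
 
+#ifdef WITH_SELINUX
+ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
 if (options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
 tmp = tilde_expand_filename(options.chroot_directory,
@@ -1556,10 +1560,6 @@ do_setusercontext(struct passwd *pw)
 #endif
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
-ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }
 
 static void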
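Review bot: The relocated `ssh_selinux_setup_exec_context(pw->pw_name);` at new lines 1532-1534 has no comment saying it must stay ahead of the ChrootDirectory block, so a later cleanup could move it back below the uid check and quietly undo the fix. A one-line comment above the `#ifdef` would pin the ordering, e.g. `/* Set up the SELinux exec context before any chroot(); see Debian #556644. */`, with the exact reason confirmed against what the helper reads. The call also now runs before the `getuid() != pw->pw_uid` check instead of after it, so it executes while the process may still hold its original privileges. If the chroot block sits inside a branch taken only when running as root (not visible in these hunks), the context would no longer be set on the other path; both points are worth confirming. do_setusercontext begins and continues outside the hunks shown.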