author | Damien Miller <djm@mindrot.org> | 2010-03-26 11:04:09 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-26 11:04:09 +1100 |
commit | 8b90642fcf979737dc2f3152660b0561ec5b3a5d (patch) | |
tree | 0c83f7a0ce54b963801ac50e00f72d4c4f264e65 | |
parent | 44451d0af8ecbec2a17d47d75d3cca02d1239cf8 (diff) |
- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
Coker via Colin Watson; bz#1726 ok dtucker@
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | session.c | 8 |
2 files changed, 7 insertions, 4 deletions
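--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@
 [servconf.c]
 from portable: getcwd(NULL, 0) doesn't work on all platforms, so
 use a stack buffer; ok dtucker@
+- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
+set up SELinux execution context before chroot() call. From Russell
+Coker via Colin watson; bz#1726 ok dtucker@
 
 20100324
 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory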
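--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
 }
 #endif /* HAVE_SETPCRED */
 
+#ifdef WITH_SELINUX
+ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
 if (options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
 tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
 
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
-ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }
 
 static void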
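Review bot: The relocated `ssh_selinux_setup_exec_context(pw->pw_name);` call in the first hunk carries no comment recording that it must stay ahead of the ChrootDirectory handling, so a later cleanup could move it back below the uid check and silently break chroot on SELinux hosts again. I would add `/* Must run before chroot(); see bz#1726 */` directly above the `#ifdef WITH_SELINUX`. The call now also runs before the `getuid()`/`geteuid()` verification shown in the second hunk rather than after it, and its result is not checked at this call site, so it is worth confirming that the helper itself fails closed when the context cannot be set; presumably it does, but that is not visible from these lines. do_setusercontext begins above the first hunk and the page has lost indentation, so whether the new call sits inside a privileged-only branch cannot be judged from here.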