- (dtucker) Cache selinux status earlier so we know if it's enabled after a

chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
author: Darren Tucker <dtucker@zip.com.au> 2008-03-27 07:27:20 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2008-03-27 07:27:20 +1100
commit: b8eb586412f338dcee69639ae375d5f72e26a094 (patch)
tree: 01aae213b6980e733522d5c1fa235519aaf82649
parent: a19390067474ab3a8ad806dbf551fd84164e78a4 (diff)
4 files changed, 16 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e943a8301..45429881b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+   chroot.  Allows ChrootDirectory to work with selinux support compiled in
+   but not enabled.  Using it with selinux enabled will require some selinux
+   support inside the chroot.  "looks sane" djm@
 20080315
 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
   empty; report and patch from Peter Stuge
@@ -3765,4 +3771,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $
+$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 2f697e7d9..ad262758e 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -36,7 +36,7 @@
 #include <selinux/get_context_list.h>
 /* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
 ssh_selinux_enabled(void)
 {
        static int enabled = -1;
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 05e520e1c..5cd39bf83 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
 /*
 * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -20,6 +20,7 @@
 #define _PORT_LINUX_H
 #ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 #endif
diff --git a/session.c b/session.c
index 92282f92a..54621a4c0 100644
--- a/session.c
+++ b/session.c
@@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw)
 {
        char *chroot_path, *tmp;
+#ifdef WITH_SELINUX
+        /* Cache selinux status for later use */
+        (void)ssh_selinux_enabled();
+#endif
 #ifndef HAVE_CYGWIN
        if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
author	Darren Tucker <dtucker@zip.com.au>	2008-03-27 07:27:20 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2008-03-27 07:27:20 +1100
commit	b8eb586412f338dcee69639ae375d5f72e26a094 (patch)
tree	01aae213b6980e733522d5c1fa235519aaf82649
parent	a19390067474ab3a8ad806dbf551fd84164e78a4 (diff)