- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -

   set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@

2 files changed, 7 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index cf3558c00..c569328f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@
      [servconf.c]
      from portable: getcwd(NULL, 0) doesn't work on all platforms, so
      use a stack buffer; ok dtucker@
+ - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
+   set up SELinux execution context before chroot() call. From Russell
+   Coker via Colin watson; bz#1726 ok dtucker@
 
 20100324
  - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
diff --git a/session.c b/session.c
index 639405fec..e032de692 100644
--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
                 }
 #endif /* HAVE_SETPCRED */
 
+#ifdef WITH_SELINUX
+                ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
                 if (options.chroot_directory != NULL &&
                     strcasecmp(options.chroot_directory, "none") != 0) {
                         tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
 
         if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
                 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
-        ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }
 
 static void