- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -

set up SELinux execution context before chroot() call. From Russell Coker via Colin watson; bz#1726 ok dtucker@
author: Damien Miller <djm@mindrot.org> 2010-03-26 11:04:09 +1100
committer: Damien Miller <djm@mindrot.org> 2010-03-26 11:04:09 +1100
commit: 8b90642fcf979737dc2f3152660b0561ec5b3a5d (patch)
tree: 0c83f7a0ce54b963801ac50e00f72d4c4f264e65 /session.c
parent: 44451d0af8ecbec2a17d47d75d3cca02d1239cf8 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/session.c b/session.c
index 639405fec..e032de692 100644
--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
                }
 #endif /* HAVE_SETPCRED */
+#ifdef WITH_SELINUX
+                ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
                if (options.chroot_directory != NULL &&
                    strcasecmp(options.chroot_directory, "none") != 0) {
                        tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
        if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
                fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-#ifdef WITH_SELINUX
-        ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }
 static void
author	Damien Miller <djm@mindrot.org>	2010-03-26 11:04:09 +1100
committer	Damien Miller <djm@mindrot.org>	2010-03-26 11:04:09 +1100
commit	8b90642fcf979737dc2f3152660b0561ec5b3a5d (patch)
tree	0c83f7a0ce54b963801ac50e00f72d4c4f264e65 /session.c
parent	44451d0af8ecbec2a17d47d75d3cca02d1239cf8 (diff)