Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2013-09-14 Patch-Name: selinux-role.patch
author: Manoj Srivastava <srivasta@debian.org> 2014-02-09 16:09:49 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 16:17:20 +0000
commit: 07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (patch)
tree: 3e2ead17b4c91699c13b0417d46bfd750a04e0b8 /sshd.c
parent: 950be7e1b1a01ee9b25e2a72726a6370b8acacb6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 4eddeb8d8..e5c983514 100644
--- a/sshd.c
+++ b/sshd.c
@@ -753,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
        RAND_seed(rnd, sizeof(rnd));
        /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 skip:
        /* It is safe now to apply the key state */
author	Manoj Srivastava <srivasta@debian.org>	2014-02-09 16:09:49 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 16:17:20 +0000
commit	07f2a771c490bd68cd5c5ea9c535705e93bd94f3 (patch)
tree	3e2ead17b4c91699c13b0417d46bfd750a04e0b8 /sshd.c
parent	950be7e1b1a01ee9b25e2a72726a6370b8acacb6 (diff)

diff --git a/sshd.c b/sshd.c index 4eddeb8d8..e5c983514 100644 --- a/sshd.c +++ b/sshd.c
@@ -753,7 +753,7 @@ privsep_postauth(Authctxt *authctxt)
753	RAND_seed(rnd, sizeof(rnd));	753	RAND_seed(rnd, sizeof(rnd));
754		754
755	/* Drop privileges */	755	/* Drop privileges */
756	do_setusercontext(authctxt->pw);	756	do_setusercontext(authctxt->pw, authctxt->role);
757		757
758	skip:	758	skip:
759	/* It is safe now to apply the key state */	759	/* It is safe now to apply the key state */