Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2020-02-21 Patch-Name: selinux-role.patch
author: Manoj Srivastava <srivasta@debian.org> 2014-02-09 16:09:49 +0000
committer: Colin Watson <cjwatson@debian.org> 2020-06-07 10:25:35 +0100
commit: 8641a3f57e67e087b4500beb9916e06c4d0ba94c (patch)
tree: 13f2ec3473e6689b2d890f1a529a320a6f3cfa2a /sshd.c
parent: 7e3de67f8447064d6963e8299653d8e01baaef1e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index e96d90809..e8b332ca4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
        reseed_prngs();
        /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 skip:
        /* It is safe now to apply the key state */
author	Manoj Srivastava <srivasta@debian.org>	2014-02-09 16:09:49 +0000
committer	Colin Watson <cjwatson@debian.org>	2020-06-07 10:25:35 +0100
commit	8641a3f57e67e087b4500beb9916e06c4d0ba94c (patch)
tree	13f2ec3473e6689b2d890f1a529a320a6f3cfa2a /sshd.c
parent	7e3de67f8447064d6963e8299653d8e01baaef1e (diff)

diff --git a/sshd.c b/sshd.c index e96d90809..e8b332ca4 100644 --- a/sshd.c +++ b/sshd.c
@@ -594,7 +594,7 @@ privsep_postauth(struct ssh ssh, Authctxt authctxt)
594	reseed_prngs();	594	reseed_prngs();
595		595
596	/* Drop privileges */	596	/* Drop privileges */
597	do_setusercontext(authctxt->pw);	597	do_setusercontext(authctxt->pw, authctxt->role);
598		598
599	skip:	599	skip:
600	/* It is safe now to apply the key state */	600	/* It is safe now to apply the key state */