Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2018-08-24 Patch-Name: selinux-role.patch
author: Manoj Srivastava <srivasta@debian.org> 2014-02-09 16:09:49 +0000
committer: Colin Watson <cjwatson@debian.org> 2018-10-20 22:54:09 +0100
commit: cf3f6ac19812e4d32874304b3854b055831c2124 (patch)
tree: a9f141a9525561b4002b0677c109e9a8dd1b293f /sshd.c
parent: 389e16d0109d8c49a761cd7c267438b05c9ab984 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 673db87f6..2bc6679e5 100644
--- a/sshd.c
+++ b/sshd.c
@@ -683,7 +683,7 @@ privsep_postauth(Authctxt *authctxt)
        reseed_prngs();
        /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 skip:
        /* It is safe now to apply the key state */
author	Manoj Srivastava <srivasta@debian.org>	2014-02-09 16:09:49 +0000
committer	Colin Watson <cjwatson@debian.org>	2018-10-20 22:54:09 +0100
commit	cf3f6ac19812e4d32874304b3854b055831c2124 (patch)
tree	a9f141a9525561b4002b0677c109e9a8dd1b293f /sshd.c
parent	389e16d0109d8c49a761cd7c267438b05c9ab984 (diff)

diff --git a/sshd.c b/sshd.c index 673db87f6..2bc6679e5 100644 --- a/sshd.c +++ b/sshd.c
@@ -683,7 +683,7 @@ privsep_postauth(Authctxt *authctxt)
683	reseed_prngs();	683	reseed_prngs();
684		684
685	/* Drop privileges */	685	/* Drop privileges */
686	do_setusercontext(authctxt->pw);	686	do_setusercontext(authctxt->pw, authctxt->role);
687		687
688	skip:	688	skip:
689	/* It is safe now to apply the key state */	689	/* It is safe now to apply the key state */