diff options
author | Manoj Srivastava <srivasta@debian.org> | 2014-02-09 16:09:49 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2016-01-14 15:07:16 +0000 |
commit | 701eb985309b1c9fce617949298659843fce723d (patch) | |
tree | d1000cc3fae5c2d17a0150a401683229dc125c9d /sshd.c | |
parent | f1fe58341ea22a6f07e5e1de79aa0385c0ee0c6a (diff) |
Handle SELinux authorisation roles
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2015-08-19
Patch-Name: selinux-role.patch
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -786,7 +786,7 @@ privsep_postauth(Authctxt *authctxt) | |||
786 | explicit_bzero(rnd, sizeof(rnd)); | 786 | explicit_bzero(rnd, sizeof(rnd)); |
787 | 787 | ||
788 | /* Drop privileges */ | 788 | /* Drop privileges */ |
789 | do_setusercontext(authctxt->pw); | 789 | do_setusercontext(authctxt->pw, authctxt->role); |
790 | 790 | ||
791 | skip: | 791 | skip: |
792 | /* It is safe now to apply the key state */ | 792 | /* It is safe now to apply the key state */ |