Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2017-10-04 Patch-Name: selinux-role.patch
author: Manoj Srivastava <srivasta@debian.org> 2014-02-09 16:09:49 +0000
committer: Colin Watson <cjwatson@debian.org> 2017-10-04 13:54:48 +0100
commit: 4b276122c04aed0726803a92c8ca955e614a4d3a (patch)
tree: 5c5638fad9f6edf9ada6a4661f6c5cbb1bec2696 /sshd.c
parent: cdd9076a145a95c21538eedb3f728a897480c5de (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index a66e9ca6c..af1ec3376 100644
--- a/sshd.c
+++ b/sshd.c
@@ -677,7 +677,7 @@ privsep_postauth(Authctxt *authctxt)
        reseed_prngs();
        /* Drop privileges */
-        do_setusercontext(authctxt->pw);
+        do_setusercontext(authctxt->pw, authctxt->role);
 skip:
        /* It is safe now to apply the key state */
author	Manoj Srivastava <srivasta@debian.org>	2014-02-09 16:09:49 +0000
committer	Colin Watson <cjwatson@debian.org>	2017-10-04 13:54:48 +0100
commit	4b276122c04aed0726803a92c8ca955e614a4d3a (patch)
tree	5c5638fad9f6edf9ada6a4661f6c5cbb1bec2696 /sshd.c
parent	cdd9076a145a95c21538eedb3f728a897480c5de (diff)

diff --git a/sshd.c b/sshd.c index a66e9ca6c..af1ec3376 100644 --- a/sshd.c +++ b/sshd.c
@@ -677,7 +677,7 @@ privsep_postauth(Authctxt *authctxt)
677	reseed_prngs();	677	reseed_prngs();
678		678
679	/* Drop privileges */	679	/* Drop privileges */
680	do_setusercontext(authctxt->pw);	680	do_setusercontext(authctxt->pw, authctxt->role);
681		681
682	skip:	682	skip:
683	/* It is safe now to apply the key state */	683	/* It is safe now to apply the key state */