Diffstat (limited to 'debian/patches/selinux-fix-chroot-directory.patch')
-rw-r--r--debian/patches/selinux-fix-chroot-directory.patch36
1 files changed, 36 insertions, 0 deletions
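--- /dev/null
+++ b/debian/patches/selinux-fix-chroot-directory.patch
@@ -0,0 +1,36 @@
+Description: Make ChrootDirectory work with SELinux
+ After chroot() is called the SE Linux context setting won't work unless
+ /selinux and /proc are mounted in the chroot environment. Even worse, if
+ the user has control over the chroot environment then they may be able to
+ control the context that they get (I haven't verified this).
+Author: Russell Coker <russell@coker.com.au>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1726
+Bug-Debian: http://bugs.debian.org/556644
+Last-Update: 2010-03-01
+
+Index: b/session.c
+===================================================================
+--- a/session.c
++++ b/session.c
+@@ -1551,6 +1551,10 @@
+ }
+ #endif /* HAVE_SETPCRED */
+
++#ifdef WITH_SELINUX
++ ssh_selinux_setup_exec_context(pw->pw_name);
++#endif
++
+ if (options.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0) {
+ tmp = tilde_expand_filename(options.chroot_directory,
+@@ -1575,10 +1579,6 @@
+
+ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+ fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+-
+-#ifdef WITH_SELINUX
+-- ssh_selinux_setup_exec_context(pw->pw_name);
+-#endif
+ }
+
+ static void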
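Review bot: The relocated `ssh_selinux_setup_exec_context(pw->pw_name);` call in the first session.c hunk has no comment saying it must stay ahead of the chroot, so a later reshuffle could move it back to a point where /selinux and /proc may be missing. I would add above it something like `/* Set the exec context before chroot(): the lookup needs /selinux and /proc, which a chroot may lack or the user may control. */`. The old call sat at the very end of the function, after the uid check, while the new one follows a closing brace and `#endif /* HAVE_SETPCRED */`. The enclosing function and any surrounding conditional start outside the hunk, so it is worth confirming the call is still reached on every path the old one covered, for example when the process is not running as root. The call's result is not checked in either position, so how a failed context setup is handled depends on the helper itself, which is not shown here.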