1 files changed, 36 insertions, 0 deletions
diff --git a/debian/patches/selinux-fix-chroot-directory.patch b/debian/patches/selinux-fix-chroot-directory.patch
new file mode 100644
index 000000000..03942392b
--- /dev/null
+++ b/debian/patches/selinux-fix-chroot-directory.patch
@@ -0,0 +1,36 @@
+Description: Make ChrootDirectory work with SELinux
+ After chroot() is called the SE Linux context setting won't work unless
+ /selinux and /proc are mounted in the chroot environment.  Even worse, if
+ the user has control over the chroot environment then they may be able to
+ control the context that they get (I haven't verified this).
+Author: Russell Coker <russell@coker.com.au>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1726
+Bug-Debian: http://bugs.debian.org/556644
+Last-Update: 2010-03-01
+Index: b/session.c
+===================================================================
+--- a/session.c
+++ b/session.c
+@@ -1551,6 +1551,10 @@
+                }
+ #endif /* HAVE_SETPCRED */
+ 
+#ifdef WITH_SELINUX
+               ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
+                if (options.chroot_directory != NULL &&
+                    strcasecmp(options.chroot_directory, "none") != 0) {
+                         tmp = tilde_expand_filename(options.chroot_directory,
+@@ -1575,10 +1579,6 @@
+ 
+        if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
+                fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+-
+-#ifdef WITH_SELINUX
+-       ssh_selinux_setup_exec_context(pw->pw_name);
+-#endif
+ }
+ 
+ static void

diff --git a/debian/patches/selinux-fix-chroot-directory.patch b/debian/patches/selinux-fix-chroot-directory.patch new file mode 100644 index 000000000..03942392b --- /dev/null +++ b/debian/patches/selinux-fix-chroot-directory.patch
@@ -0,0 +1,36 @@
	1	Description: Make ChrootDirectory work with SELinux
	2	After chroot() is called the SE Linux context setting won't work unless
	3	/selinux and /proc are mounted in the chroot environment. Even worse, if
	4	the user has control over the chroot environment then they may be able to
	5	control the context that they get (I haven't verified this).
	6	Author: Russell Coker <russell@coker.com.au>
	7	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1726
	8	Bug-Debian: http://bugs.debian.org/556644
	9	Last-Update: 2010-03-01
	10
	11	Index: b/session.c
	12	===================================================================
	13	--- a/session.c
	14	+++ b/session.c
	15	@@ -1551,6 +1551,10 @@
	16	}
	17	#endif /* HAVE_SETPCRED */
	18
	19	+#ifdef WITH_SELINUX
	20	+ ssh_selinux_setup_exec_context(pw->pw_name);
	21	+#endif
	22	+
	23	if (options.chroot_directory != NULL &&
	24	strcasecmp(options.chroot_directory, "none") != 0) {
	25	tmp = tilde_expand_filename(options.chroot_directory,
	26	@@ -1575,10 +1579,6 @@
	27
	28	if (getuid() != pw->pw_uid \|\| geteuid() != pw->pw_uid)
	29	fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
	30	-
	31	-#ifdef WITH_SELINUX
	32	- ssh_selinux_setup_exec_context(pw->pw_name);
	33	-#endif
	34	}
	35
	36	static void