1 files changed, 6 insertions, 3 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index e26faf08c..8a3e5c68d 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -39,7 +39,6 @@
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
-#include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -152,6 +151,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role)
        security_context_t new_tty_ctx = NULL;
        security_context_t user_ctx = NULL;
        security_context_t old_tty_ctx = NULL;
+        security_class_t chrclass;
        if (!ssh_selinux_enabled())
                return;
@@ -166,9 +166,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty, const char *role)
                error("%s: getfilecon: %s", __func__, strerror(errno));
                goto out;
        }
+        if ((chrclass = string_to_security_class("chr_file")) == 0) {
+                error("%s: couldn't get security class for chr_file", __func__);
+                goto out;
+        }
        if (security_compute_relabel(user_ctx, old_tty_ctx,
-            SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+            chrclass, &new_tty_ctx) != 0) {
                error("%s: security_compute_relabel: %s",
                    __func__, strerror(errno));
                goto out;

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index e26faf08c..8a3e5c68d 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c
@@ -39,7 +39,6 @@
39		39
40	#ifdef WITH_SELINUX	40	#ifdef WITH_SELINUX
41	#include <selinux/selinux.h>	41	#include <selinux/selinux.h>
42	#include <selinux/flask.h>
43	#include <selinux/get_context_list.h>	42	#include <selinux/get_context_list.h>
44		43
45	#ifndef SSH_SELINUX_UNCONFINED_TYPE	44	#ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -152,6 +151,7 @@ ssh_selinux_setup_pty(char pwname, const char tty, const char *role)
152	security_context_t new_tty_ctx = NULL;	151	security_context_t new_tty_ctx = NULL;
153	security_context_t user_ctx = NULL;	152	security_context_t user_ctx = NULL;
154	security_context_t old_tty_ctx = NULL;	153	security_context_t old_tty_ctx = NULL;
		154	security_class_t chrclass;
155		155
156	if (!ssh_selinux_enabled())	156	if (!ssh_selinux_enabled())
157	return;	157	return;
@@ -166,9 +166,12 @@ ssh_selinux_setup_pty(char pwname, const char tty, const char *role)
166	error("%s: getfilecon: %s", __func__, strerror(errno));	166	error("%s: getfilecon: %s", __func__, strerror(errno));
167	goto out;	167	goto out;
168	}	168	}
169		169	if ((chrclass = string_to_security_class("chr_file")) == 0) {
		170	error("%s: couldn't get security class for chr_file", __func__);
		171	goto out;
		172	}
170	if (security_compute_relabel(user_ctx, old_tty_ctx,	173	if (security_compute_relabel(user_ctx, old_tty_ctx,
171	SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {	174	chrclass, &new_tty_ctx) != 0) {
172	error("%s: security_compute_relabel: %s",	175	error("%s: security_compute_relabel: %s",
173	__func__, strerror(errno));	176	__func__, strerror(errno));
174	goto out;	177	goto out;