summaryrefslogtreecommitdiff
path: root/openbsd-compat/port-linux.c
AgeCommit message (Collapse)Author
2018-08-24Handle SELinux authorisation rolesManoj Srivastava
Rejected upstream due to discomfort with magic usernames; a better approach will need an SSH protocol change. In the meantime, this came from Debian's SELinux maintainer, so we'll keep it until we have something better. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 Bug-Debian: http://bugs.debian.org/394795 Last-Update: 2018-08-24 Patch-Name: selinux-role.patch
2018-02-26avoid inclusion of deprecated selinux/flask.hDamien Miller
Use string_to_security_class() instead.
2016-08-17Remove obsolete CVS $Id from source files.Darren Tucker
Since -portable switched to git the CVS $Id tags are no longer being updated and are becoming increasingly misleading. Remove them.
2015-07-30downgrade OOM adjustment logging: verbose -> debugDamien Miller
2013-06-02 - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker
groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
2012-03-09 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinuxDamien Miller
systems where sshd is run in te wrong context. Patch from Sven Vermeulen; ok dtucker@
2011-08-29 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attemptingDamien Miller
to switch SELinux context away from unconfined_t, based on patch from Jan Chadima; bz#1919 ok dtucker@
2011-08-12 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux contextDarren Tucker
change error by reporting old and new context names Patch from jchadima at redhat.
2011-02-06 - (dtucker) [openbsd-compat/port-linux.c] Bug #1851: fix syntax error inDarren Tucker
selinux code. Patch from Leonardo Chiquitto.
2011-01-28 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabledDamien Miller
before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Fix minor bug caught by -Werror onDarren Tucker
the tinderbox.
2011-01-17 - (dtucker) [openbsd-compat/port-linux.c] Bug #1838: Add support for the newDarren Tucker
Linux OOM-killer magic values that changed in 2.6.36 kernels, with fallback to the old values. Feedback from vapier at gentoo org and djm, ok djm.
2010-09-10 - (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exactDarren Tucker
return code since it can apparently return -1 under some conditions. From openssh bugs werbittewas de, ok djm@
2010-03-01 - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOMDarren Tucker
adjust log at verbose only, since according to cjwatson in bug #1470 some virtualization platforms don't allow writes.
2009-12-08 - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux,Darren Tucker
based on a patch from Vaclav Ovsik and Colin Watson. ok djm.
2009-10-24 - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinuxDarren Tucker
is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat.
2008-03-27 - (dtucker) Cache selinux status earlier so we know if it's enabled after aDarren Tucker
chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
2007-06-28 - (djm) bz#1325: Fix SELinux in permissive mode where it wouldDamien Miller
incorrectly fatal() on errors. patch from cjwatson AT debian.org; ok dtucker
2006-09-01 - (djm) [audit-bsm.c audit.c auth-bsdauth.c auth-chall.c auth-pam.c]Damien Miller
[auth-rsa.c auth-shadow.c auth-sia.c auth1.c auth2-chall.c] [auth2-gss.c auth2-kbdint.c auth2-none.c authfd.c authfile.c] [cipher-3des1.c cipher-aes.c cipher-bf1.c cipher-ctr.c clientloop.c] [dh.c dns.c entropy.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c loginrec.c mac.c] [md5crypt.c monitor.c monitor_wrap.c readconf.c rsa.c] [scard-opensc.c scard.c session.c ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.c ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c] [sshconnect1.c sshconnect2.c sshd.c rc4.diff] [openbsd-compat/bsd-cray.c openbsd-compat/port-aix.c] [openbsd-compat/port-linux.c openbsd-compat/port-solaris.c] [openbsd-compat/port-uw.c] Lots of headers for SCO OSR6, mainly adding stdarg.h for log.h; compile problems reported by rac AT tenzing.org
2006-07-24 - (djm) [acss.c auth-krb5.c auth-options.c auth-pam.c auth-shadow.c]Damien Miller
[canohost.c channels.c cipher-acss.c defines.h dns.c gss-genr.c] [gss-serv-krb5.c gss-serv.c log.h loginrec.c logintest.c readconf.c] [servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c] [ssh.c sshconnect.c sshd.c openbsd-compat/bindresvport.c] [openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-misc.c] [openbsd-compat/getrrsetbyname.c openbsd-compat/glob.c] [openbsd-compat/mktemp.c openbsd-compat/port-linux.c] [openbsd-compat/port-tun.c openbsd-compat/readpassphrase.c] [openbsd-compat/setproctitle.c openbsd-compat/xmmap.c] make the portable tree compile again - sprinkle unistd.h and string.h back in. Don't redefine __unused, as it turned out to be used in headers on Linux, and replace its use in auth-pam.c with ARGSUSED
2006-04-22 - (djm) [Makefile.in configure.ac session.c sshpty.c]Damien Miller
[contrib/redhat/sshd.init openbsd-compat/Makefile.in] [openbsd-compat/openbsd-compat.h openbsd-compat/port-linux.c] [openbsd-compat/port-linux.h] Add support for SELinux, setting the execution and TTY contexts. based on patch from Daniel Walsh, bz #880; ok dtucker@