From 8b90642fcf979737dc2f3152660b0561ec5b3a5d Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Fri, 26 Mar 2010 11:04:09 +1100
Subject: - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - set up SELinux execution context before chroot() call. From Russell Coker via Colin watson; bz#1726 ok dtucker@
---
 ChangeLog | 3 +++
 session.c | 8 ++++----
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index cf3558c00..c569328f5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@ [servconf.c] from portable: getcwd(NULL, 0) doesn't work on all platforms, so use a stack buffer; ok dtucker@
+ - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
+ set up SELinux execution context before chroot() call. From Russell
+ Coker via Colin watson; bz#1726 ok dtucker@

 20100324
 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
diff --git a/session.c b/session.c
index 639405fec..e032de692 100644
--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
 }
 #endif /* HAVE_SETPCRED */

+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
 if (options.chroot_directory != NULL &&
 strcasecmp(options.chroot_directory, "none") != 0) {
 tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)

 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
-- ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }

 static void
--
cgit v1.2.3
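Review bot: The relocated `ssh_selinux_setup_exec_context(pw->pw_name);` in the first session.c hunk has no comment saying that its position ahead of the ChrootDirectory block is required, so a later cleanup could move it back below chroot() and undo the fix. I would add above the `#ifdef WITH_SELINUX`: `/* Set the SELinux exec context before chroot(); it cannot be set up from inside ChrootDirectory (bz#1726). */`. The call now also runs before the uid check shown in the second hunk, presumably while the process is still privileged. The helper's body is not visible here, so it is worth confirming that a failure to set the context ends the session rather than letting it continue into the chroot under the daemon's context. do_setusercontext begins outside both hunks, so whether the new call sits inside a root-only block cannot be told from this page.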