From b8eb586412f338dcee69639ae375d5f72e26a094 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Thu, 27 Mar 2008 07:27:20 +1100
Subject: - (dtucker) Cache selinux status earlier so we know if it's enabled after a chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
---
 ChangeLog | 8 +++++++-
 openbsd-compat/port-linux.c | 4 ++--
 openbsd-compat/port-linux.h | 3 ++-
 session.c | 5 +++++
 4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e943a8301..45429881b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+
 20080315
 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are empty; report and patch from Peter Stuge
@@ -3765,4 +3771,4 @@
 OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $
+$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 2f697e7d9..ad262758e 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Daniel Walsh
@@ -36,7 +36,7 @@
 #include
 /* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
 ssh_selinux_enabled(void)
 {
 static int enabled = -1;
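Review bot: Dropping `static` from `ssh_selinux_enabled()` in the second port-linux.c hunk turns its function-local cache (`static int enabled = -1;`) into behaviour that other files now depend on, yet the comment above it still describes only the log-once purpose. I would reword it along the lines of `/* Wrapper around is_selinux_enabled(): the first call caches and logs the result, so call it before chroot() if the answer is needed afterwards */`. The function body continues past the end of the hunk, so what gets cached when is_selinux_enabled() reports an error is not visible here. It is worth confirming that an error result is not remembered as "disabled" for the rest of the process, since that would skip the SELinux setup silently.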
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 05e520e1c..5cd39bf83 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
 /*
 * Copyright (c) 2006 Damien Miller
@@ -20,6 +20,7 @@
 #define _PORT_LINUX_H
 #ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 #endif
diff --git a/session.c b/session.c
index 92282f92a..54621a4c0 100644
--- a/session.c
+++ b/session.c
@@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw)
 {
 char *chroot_path, *tmp;
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
 #ifndef HAVE_CYGWIN
 if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
--
cgit v1.2.3
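Review bot: The new comment `/* Cache selinux status for later use */` in the session.c hunk does not say why the call must sit at the very top of do_setusercontext(). Going by the commit message, the status has to be read before the process enters ChrootDirectory, so I would write `/* Query selinux status before any chroot; the cached result is used once inside it */`. The `(void)` cast discards the return value, so correctness rests entirely on the callee's static cache, and a later refactor that moves this call below the chroot could change the answer without any compile-time signal. The description also says that running with SELinux enabled needs support inside the chroot, so it is worth confirming that a failure to set the exec context there ends the session rather than letting it continue in sshd's own context. That code, like the rest of do_setusercontext(), lies outside this hunk.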