From bda709b8e13d3eef19e69c2d1684139e3af728f5 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Mon, 26 Feb 2018 12:17:22 +1100
Subject: avoid inclusion of deprecated selinux/flask.h

Use string_to_security_class() instead.
---
 openbsd-compat/port-linux.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index e4c5d1b7c..8c5325cc3 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -33,7 +33,6 @@
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
-#include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 	security_context_t new_tty_ctx = NULL;
 	security_context_t user_ctx = NULL;
 	security_context_t old_tty_ctx = NULL;
+	security_class_t chrclass;
 
 	if (!ssh_selinux_enabled())
 		return;
@@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 		error("%s: getfilecon: %s", __func__, strerror(errno));
 		goto out;
 	}
-
+	if ((chrclass = string_to_security_class("chr_file")) == 0) {
+		error("%s: couldn't get security class for chr_file", __func__);
+		goto out;
+	}
 	if (security_compute_relabel(user_ctx, old_tty_ctx,
-	    SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+	    chrclass, &new_tty_ctx) != 0) {
 		error("%s: security_compute_relabel: %s",
 		    __func__, strerror(errno));
 		goto out;
-- 
cgit v1.2.3