From d4a5504cb19acf061bc6d68362b666416b21d9b3 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 28 Jan 2011 10:30:18 +1100 Subject: - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851 --- ChangeLog | 6 ++++++ openbsd-compat/port-linux.c | 16 +++++++++------- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 79e93eea5..a69ed9fde 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20110128 + - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled + before attempting setfscreatecon(). Check whether matchpathcon() + succeeded before using its result. Patch from cjwatson AT debian.org; + bz#1851 + 20110127 - (tim) [config.guess config.sub] Sync with upstream. - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index b152efc29..eb280e616 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */ +/* $Id: port-linux.c,v 1.13 2011/01/27 23:30:20 djm Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -209,13 +209,15 @@ ssh_selinux_change_context(const char *newname) void ssh_selinux_setfscreatecon(const char *path) { - security_context_t context; + security_context_t context; - if (path == NULL) { - setfscreatecon(NULL); - return; - } - matchpathcon(path, 0700, &context); + if (!ssh_selinux_enabled()) + return; + if (path == NULL) + setfscreatecon(NULL); + return; + } + if (matchpathcon(path, 0700, &context) == 0) setfscreatecon(context); } -- cgit v1.2.3