From 4c2d1c67cea075107aadaa6d81fe456687c69e67 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 17 Jun 2005 12:44:30 +0000 Subject: Manoj Srivastava: - Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so. --- debian/openssh-server.postinst | 3 +++ 1 file changed, 3 insertions(+) (limited to 'debian/openssh-server.postinst') diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 9beb373b7..e6fe65ffa 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst @@ -94,6 +94,9 @@ create_key() { echo -n $msg ssh-keygen -q -f "$file" -N '' "$@" echo + if type restorecon >/dev/null 2>&1; then + restorecon "$file.pub" + fi fi } -- cgit v1.2.3