From 7afb9ad9307191397a3ccf3d7cc90dfe474b09e8 Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2013-09-14

Patch-Name: selinux-role.patch
---
 sshd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index fe65132e8..0a3010175 100644
--- a/sshd.c
+++ b/sshd.c
@@ -763,7 +763,7 @@ privsep_postauth(Authctxt *authctxt)
 	bzero(rnd, sizeof(rnd));
 
 	/* Drop privileges */
-	do_setusercontext(authctxt->pw);
+	do_setusercontext(authctxt->pw, authctxt->role);
 
  skip:
 	/* It is safe now to apply the key state */
-- 
cgit v1.2.3