From a00cba810338ce920de432e7797a45794bf280ba Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2015-08-19

Patch-Name: selinux-role.patch
---
 sshd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index d1dd711fc..bb093ccc0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -781,7 +781,7 @@ privsep_postauth(Authctxt *authctxt)
 	explicit_bzero(rnd, sizeof(rnd));
 
 	/* Drop privileges */
-	do_setusercontext(authctxt->pw);
+	do_setusercontext(authctxt->pw, authctxt->role);
 
  skip:
 	/* It is safe now to apply the key state */
-- 
cgit v1.2.3