From ae32d626ed3d15cfd7f432358b63c005961921df Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2013-09-14

Patch-Name: selinux-role.patch
---
 sshd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index d787fea7b..e343d902f 100644
--- a/sshd.c
+++ b/sshd.c
@@ -769,7 +769,7 @@ privsep_postauth(Authctxt *authctxt)
 	explicit_bzero(rnd, sizeof(rnd));
 
 	/* Drop privileges */
-	do_setusercontext(authctxt->pw);
+	do_setusercontext(authctxt->pw, authctxt->role);
 
  skip:
 	/* It is safe now to apply the key state */
-- 
cgit v1.2.3