From 4c2d1c67cea075107aadaa6d81fe456687c69e67 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 17 Jun 2005 12:44:30 +0000
Subject: Manoj Srivastava: - Added SELinux capability, and turned it on be
 default. Added   restorecon calls in preinst and postinst (should not matter
 if the   machine is not SELinux aware). By and large, the changes made should
   have no effect unless the rules file calls --with-selinux; and even   then
 there should be no performance hit for machines not actively   running
 SELinux. - Modified the preinst and postinst to call restorecon to set the  
 security context for the generated public key files. - Added a comment to
 /etc/pam.d/ssh to indicate that an SELinux system   may want to also include
 pam_selinux.so.

---
 sshpty.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sshpty.c')

diff --git a/sshpty.c b/sshpty.c
index efd1dfefa..71b8daa0d 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -22,6 +22,8 @@ RCSID("$OpenBSD: sshpty.c,v 1.12 2004/06/21 17:36:31 avsm Exp $");
 #include "log.h"
 #include "misc.h"
 
+#include "selinux.h"
+
 #ifdef HAVE_PTY_H
 # include <pty.h>
 #endif
@@ -200,6 +202,8 @@ pty_setowner(struct passwd *pw, const char *tty)
 		fatal("stat(%.100s) failed: %.100s", tty,
 		    strerror(errno));
 
+	setup_selinux_pty(pw->pw_name, tty);
+
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 		if (chown(tty, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
-- 
cgit v1.2.3