From c574865182e2c5dfa183b577f49ac602d16df5c0 Mon Sep 17 00:00:00 2001
From: Manoj Srivastava <srivasta@debian.org>
Date: Sun, 9 Feb 2014 16:09:49 +0000
Subject: Handle SELinux authorisation roles

Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change.  In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.

Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2020-10-18

Patch-Name: selinux-role.patch
---
 sshpty.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'sshpty.c')

diff --git a/sshpty.c b/sshpty.c
index bce09e255..308449b37 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -162,7 +162,7 @@ pty_change_window_size(int ptyfd, u_int row, u_int col,
 }
 
 void
-pty_setowner(struct passwd *pw, const char *tty)
+pty_setowner(struct passwd *pw, const char *tty, const char *role)
 {
 	struct group *grp;
 	gid_t gid;
@@ -186,7 +186,7 @@ pty_setowner(struct passwd *pw, const char *tty)
 		    strerror(errno));
 
 #ifdef WITH_SELINUX
-	ssh_selinux_setup_pty(pw->pw_name, tty);
+	ssh_selinux_setup_pty(pw->pw_name, tty, role);
 #endif
 
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
-- 
cgit v1.2.3