[openssh/f17] adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem

plautrba plautrba at fedoraproject.org
Wed Feb 22 08:17:22 UTC 2012


commit c3bb4552cf6452a4cdd3dde0535f075114670ad9
Author: Petr Lautrbach <plautrba at redhat.com>
Date:   Fri Feb 17 11:35:49 2012 +0100

    adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem

 openssh-5.9p1-privsep-selinux.patch |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)
---
diff --git a/openssh-5.9p1-privsep-selinux.patch b/openssh-5.9p1-privsep-selinux.patch
index 96143ed..7819a46 100644
--- a/openssh-5.9p1-privsep-selinux.patch
+++ b/openssh-5.9p1-privsep-selinux.patch
@@ -16,7 +16,7 @@ index 436ea48..49c9321 100644
  	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
  		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
  }
-@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
+@@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
  		/* When PAM is enabled we rely on it to do the nologin check */
  		if (!options.use_pam)
  			do_nologin(pw);
@@ -27,3 +27,14 @@ index 436ea48..49c9321 100644
  		/*
  		 * PAM session modules in do_setusercontext may have
  		 * generated messages, so if this in an interactive
+@@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
+ 		optind = optreset = 1;
+ 		__progname = argv[0];
+ #ifdef WITH_SELINUX
+-		if (options.chroot_directory == NULL ||
+-		    strcasecmp(options.chroot_directory, "none") == 0) {
++		if (!use_privsep &&
++		    (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
+ 			ssh_selinux_copy_context();
+ 		}
+ #endif
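Review bot: The added `!use_privsep &&` guard in the `WITH_SELINUX` block of the internal-sftp path skips `ssh_selinux_copy_context()` whenever privilege separation is on, and nothing in the hunk says where the user's SELinux context is applied in that case. If it is not applied earlier (presumably by the block this patch adds near line 1677 of `do_child`, which is only partly visible here), the in-process sftp server would keep running under the daemon's context. That assumption should be stated next to the test, e.g. `/* with privsep the SELinux context is expected to be set earlier in do_child(); copy it here only without privsep */`. The new second condition line is also much longer than the two lines it replaces and could keep their wrapping. `do_child` begins and ends outside the hunk.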

