jjelen pushed to openssh (f22). "Fix handling SELinux context in MLS systems"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Mar 31 16:02:28 UTC 2015
>From b8a0f7a5ea8a9ae766a2765102c0dac772ede0b5 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen at redhat.com>
Date: Mon, 30 Mar 2015 10:54:24 +0200
Subject: Fix handling SELinux context in MLS systems
diff --git a/openssh-6.6p1-role-mls.patch b/openssh-6.6p1-role-mls.patch
index e058f1e..da164d3 100644
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
@@ -875,3 +875,20 @@ diff -up openssh-6.8p1/sshd.c.role-mls openssh-6.8p1/sshd.c
#ifdef USE_PAM
if (options.use_pam) {
do_pam_setcred(1);
+diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
+index 22ea8ef..2660085 100644
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+
+ debug3("%s: setting TTY context on %s", __func__, tty);
+
+- user_ctx = ssh_selinux_getctxbyname(pwname);
++ if (getexeccon(&user_ctx) != 0) {
++ error("%s: getexeccon: %s", __func__, strerror(errno));
++ goto out;
++ }
++
+
+ /* XXX: should these calls fatal() upon failure in enforcing mode? */
+
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?h=f22&id=b8a0f7a5ea8a9ae766a2765102c0dac772ede0b5
More information about the scm-commits
mailing list