author | Darren Tucker <dtucker@zip.com.au> | 2008-03-27 07:27:20 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-03-27 07:27:20 +1100 |
commit | b8eb586412f338dcee69639ae375d5f72e26a094 (patch) | |
tree | 01aae213b6980e733522d5c1fa235519aaf82649 | |
parent | a19390067474ab3a8ad806dbf551fd84164e78a4 (diff) | |
download | openssh-git-b8eb586412f338dcee69639ae375d5f72e26a094.tar.gz |
- (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | openbsd-compat/port-linux.c | 4 | ||||
-rw-r--r-- | openbsd-compat/port-linux.h | 3 | ||||
-rw-r--r-- | session.c | 5 |
4 files changed, 16 insertions, 4 deletions
@@ -1,3 +1,9 @@ +20080327 + - (dtucker) Cache selinux status earlier so we know if it's enabled after a + chroot. Allows ChrootDirectory to work with selinux support compiled in + but not enabled. Using it with selinux enabled will require some selinux + support inside the chroot. "looks sane" djm@ + 20080315 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are empty; report and patch from Peter Stuge @@ -3765,4 +3771,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $ +$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $ diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 2f697e7d..ad262758 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */ +/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> @@ -36,7 +36,7 @@ #include <selinux/get_context_list.h> /* Wrapper around is_selinux_enabled() to log its return value once only */ -static int +int ssh_selinux_enabled(void) { static int enabled = -1; diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 05e520e1..5cd39bf8 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */ +/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller <djm@openbsd.org> @@ -20,6 +20,7 @@ #define _PORT_LINUX_H #ifdef WITH_SELINUX +int ssh_selinux_enabled(void); void ssh_selinux_setup_pty(char *, const char *); void ssh_selinux_setup_exec_context(char *); #endif 
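Review bot: Dropping `static` from ssh_selinux_enabled() in port-linux.c makes its function-local cache (`static int enabled = -1;`) part of a contract other files now rely on, yet the comment above it still only says the return value is logged once. The comment should state the exported behaviour, for example `/* Returns the cached result of is_selinux_enabled(); the first call fixes the answer for the life of the process and logs it once */`. The prototype added in port-linux.h would benefit from the same one-line note, since callers will read the header first. The function body continues outside the hunk, so how an error return from is_selinux_enabled() is cached is not visible here and is worth confirming.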
@@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw) { char *chroot_path, *tmp; +#ifdef WITH_SELINUX + /* Cache selinux status for later use */ + (void)ssh_selinux_enabled(); +#endif + #ifndef HAVE_CYGWIN if (getuid() == 0 || geteuid() == 0) #endif /* HAVE_CYGWIN */ |
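Review bot: The `(void)ssh_selinux_enabled();` call at the top of do_setusercontext() exists only for its caching side effect, and nothing in the code says it must stay ahead of the chroot. The comment `/* Cache selinux status for later use */` should name that ordering, e.g. `/* Must precede any chroot(): caches the SELinux status while it can still be queried; later ssh_selinux_* calls reuse it */`. If the call is ever moved, or the chroot is hoisted above it, the later SELinux setup would presumably act on an answer obtained inside the chroot, which could leave a session without its intended context. The commit message's caveat that an enabled SELinux still needs support inside the chroot is also worth a line here, since the code does not record it. The rest of do_setusercontext() lies outside the hunk.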