From 7c6d0cc0c2c34c616a460776b249c8643973e5e5 Mon Sep 17 00:00:00 2001
From: djm <djm>
Date: Fri, 26 Mar 2010 00:04:09 +0000
Subject:  - (djm) [session.c] Allow ChrootDirectory to work on SELinux
 platforms -    set up SELinux execution context before chroot() call. From
 Russell    Coker via Colin watson; bz#1726 ok dtucker@

---
 session.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'session.c')

diff --git a/session.c b/session.c
index 639405fe..e032de69 100644
--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
 		}
 #endif /* HAVE_SETPCRED */
 
+#ifdef WITH_SELINUX
+		ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
 		if (options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
                         tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
 
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
-	ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
 }
 
 static void
-- 
cgit v1.2.1