forked from rpms/openssh
adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem
This commit is contained in:
parent
feb99ea644
commit
c3bb4552cf
@ -16,7 +16,7 @@ index 436ea48..49c9321 100644
|
||||
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
||||
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
||||
}
|
||||
@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
|
||||
@@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
|
||||
/* When PAM is enabled we rely on it to do the nologin check */
|
||||
if (!options.use_pam)
|
||||
do_nologin(pw);
|
||||
@ -27,3 +27,14 @@ index 436ea48..49c9321 100644
|
||||
/*
|
||||
* PAM session modules in do_setusercontext may have
|
||||
* generated messages, so if this in an interactive
|
||||
@@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
|
||||
optind = optreset = 1;
|
||||
__progname = argv[0];
|
||||
#ifdef WITH_SELINUX
|
||||
- if (options.chroot_directory == NULL ||
|
||||
- strcasecmp(options.chroot_directory, "none") == 0) {
|
||||
+ if (!use_privsep &&
|
||||
+ (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
|
||||
ssh_selinux_copy_context();
|
||||
}
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user