forked from rpms/openssh
		
	adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem
This commit is contained in:
		
							parent
							
								
									feb99ea644
								
							
						
					
					
						commit
						c3bb4552cf
					
				| @ -16,7 +16,7 @@ index 436ea48..49c9321 100644 | |||||||
|  	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |  	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | ||||||
|  		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); |  		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | ||||||
|  } |  } | ||||||
| @@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
 | @@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
 | ||||||
|  		/* When PAM is enabled we rely on it to do the nologin check */ |  		/* When PAM is enabled we rely on it to do the nologin check */ | ||||||
|  		if (!options.use_pam) |  		if (!options.use_pam) | ||||||
|  			do_nologin(pw); |  			do_nologin(pw); | ||||||
| @ -27,3 +27,14 @@ index 436ea48..49c9321 100644 | |||||||
|  		/* |  		/* | ||||||
|  		 * PAM session modules in do_setusercontext may have |  		 * PAM session modules in do_setusercontext may have | ||||||
|  		 * generated messages, so if this in an interactive |  		 * generated messages, so if this in an interactive | ||||||
|  | @@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
 | ||||||
|  |  		optind = optreset = 1; | ||||||
|  |  		__progname = argv[0]; | ||||||
|  |  #ifdef WITH_SELINUX | ||||||
|  | -		if (options.chroot_directory == NULL ||
 | ||||||
|  | -		    strcasecmp(options.chroot_directory, "none") == 0) {
 | ||||||
|  | +		if (!use_privsep &&
 | ||||||
|  | +		    (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
 | ||||||
|  |  			ssh_selinux_copy_context(); | ||||||
|  |  		} | ||||||
|  |  #endif | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user