libssh/SOURCES/libssh-0.9.0-run-sshd-confined.patch

--- a/tests/torture.c	2019-06-28 14:01:52.936462964 +0200
+++ b/tests/torture.c	2019-06-28 14:03:52.324325029 +0200
@@ -854,7 +854,7 @@
     s = *state;
 
     snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
-             "/usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
+             "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
              s->srv_config, s->socket_dir, s->socket_dir);
 
     rc = system(sshd_start_cmd);
@@ -864,7 +864,7 @@
     unsetenv("PAM_WRAPPER");
 
     /* Wait until the sshd is ready to accept connections */
-    rc = torture_wait_for_daemon(5);
+    rc = torture_wait_for_daemon(10);
     assert_int_equal(rc, 0);
 }
 
@@ -904,27 +904,32 @@
 torture_reload_sshd_server(void **state)
 {
     struct torture_state *s = *state;
-    pid_t pid;
+    char sshd_start_cmd[1024];
     int rc;
 
-    /* read the pidfile */
-    pid = torture_read_pidfile(s->srv_pidfile);
-    assert_int_not_equal(pid, -1);
+    rc = torture_terminate_process(s->srv_pidfile);
+    if (rc != 0) {
+        fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
+    }
 
-    kill(pid, SIGHUP);
+    usleep(100 * 1000);
 
-    /* 10 ms */
-    usleep(10 * 1000);
+    /* Set the default interface for the server */
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+    setenv("PAM_WRAPPER", "1", 1);
 
-    rc = kill(pid, 0);
-    if (rc != 0) {
-        fprintf(stderr,
-                "ERROR: SSHD process %u died during reload!\n", pid);
-        return SSH_ERROR;
-    }
+    snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
+             "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
+             s->srv_config, s->socket_dir, s->socket_dir);
+
+    rc = system(sshd_start_cmd);
+    assert_return_code(rc, errno);
+
+    setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+    unsetenv("PAM_WRAPPER");
 
     /* Wait until the sshd is ready to accept connections */
-    rc = torture_wait_for_daemon(5);
+    rc = torture_wait_for_daemon(10);
     assert_int_equal(rc, 0);
     return SSH_OK;
 }
import libssh-0.9.0-4.el8 2020-01-21 23:06:23 +00:00			`--- a/tests/torture.c 2019-06-28 14:01:52.936462964 +0200`
			`+++ b/tests/torture.c 2019-06-28 14:03:52.324325029 +0200`
			`@@ -854,7 +854,7 @@`
import libssh-0.8.91-0.1.el8 2019-08-02 12:40:05 +00:00			`s = *state;`

			`snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),`
			`- "/usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",`
			`+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",`
			`s->srv_config, s->socket_dir, s->socket_dir);`

			`rc = system(sshd_start_cmd);`
import libssh-0.9.0-4.el8 2020-01-21 23:06:23 +00:00			`@@ -864,7 +864,7 @@`
import libssh-0.8.91-0.1.el8 2019-08-02 12:40:05 +00:00			`unsetenv("PAM_WRAPPER");`

			`/* Wait until the sshd is ready to accept connections */`
			`- rc = torture_wait_for_daemon(5);`
			`+ rc = torture_wait_for_daemon(10);`
			`assert_int_equal(rc, 0);`
			`}`

import libssh-0.9.0-4.el8 2020-01-21 23:06:23 +00:00			`@@ -904,27 +904,32 @@`
			`torture_reload_sshd_server(void **state)`
import libssh-0.8.91-0.1.el8 2019-08-02 12:40:05 +00:00			`{`
			`struct torture_state s = state;`
import libssh-0.9.0-4.el8 2020-01-21 23:06:23 +00:00			`- pid_t pid;`
import libssh-0.8.91-0.1.el8 2019-08-02 12:40:05 +00:00			`+ char sshd_start_cmd[1024];`
			`int rc;`

			`- /* read the pidfile */`
			`- pid = torture_read_pidfile(s->srv_pidfile);`
			`- assert_int_not_equal(pid, -1);`
			`+ rc = torture_terminate_process(s->srv_pidfile);`
			`+ if (rc != 0) {`
			`+ fprintf(stderr, "XXXXXX Failed to terminate sshd\n");`
			`+ }`

			`- kill(pid, SIGHUP);`
			`+ usleep(100 * 1000);`

			`- /* 10 ms */`
			`- usleep(10 * 1000);`
			`+ /* Set the default interface for the server */`
			`+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);`
			`+ setenv("PAM_WRAPPER", "1", 1);`

			`- rc = kill(pid, 0);`
			`- if (rc != 0) {`
			`- fprintf(stderr,`
			`- "ERROR: SSHD process %u died during reload!\n", pid);`
			`- return SSH_ERROR;`
			`- }`
			`+ snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),`
			`+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",`
			`+ s->srv_config, s->socket_dir, s->socket_dir);`
			`+`
			`+ rc = system(sshd_start_cmd);`
			`+ assert_return_code(rc, errno);`
			`+`
			`+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);`
			`+ unsetenv("PAM_WRAPPER");`

			`/* Wait until the sshd is ready to accept connections */`
			`- rc = torture_wait_for_daemon(5);`
			`+ rc = torture_wait_for_daemon(10);`
			`assert_int_equal(rc, 0);`
			`return SSH_OK;`
			`}`