openssh/openssh-5.6p1-selabel.patch

54 lines
2.3 KiB
Diff
Raw Normal View History

2010-08-03 00:41:49 +00:00
diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200
+++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200
@@ -41,7 +41,7 @@ fi
# strip any trailing colon
host=`echo $1 | sed 's/:$//'`
2010-08-03 00:41:49 +00:00
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
cat <<EOF
2010-08-03 00:41:49 +00:00
Now try logging into the machine, with "ssh '$host'", and check in:
diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
--- openssh-5.6p1/Makefile.in.selabel 2010-08-23 12:47:39.000000000 +0200
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:47:39.000000000 +0200
@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
2009-10-02 13:50:30 +00:00
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
2010-08-03 00:41:49 +00:00
diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
--- openssh-5.6p1/ssh.c.selabel 2010-08-23 12:47:39.000000000 +0200
+++ openssh-5.6p1/ssh.c 2010-08-23 12:47:39.000000000 +0200
@@ -74,6 +74,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <fipscheck.h>
+#include <selinux/selinux.h>
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
2010-08-03 00:41:49 +00:00
@@ -848,10 +849,15 @@ main(int ac, char **av)
*/
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+ char *scon;
+
+ matchpathcon(buf, 0700, &scon);
+ setfscreatecon(scon);
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
-
+ setfscreatecon(NULL);
+ }
/* load options.identity_files */
load_public_identity_files();