2010-08-03 00:41:49 +00:00
diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200
+++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200
@@ -41,7 +41,7 @@ fi
# strip any trailing colon
host=`echo $1 | sed 's/:$//'`
2009-06-30 10:26:13 +00:00
2010-08-03 00:41:49 +00:00
-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
2009-06-30 10:26:13 +00:00
cat <<EOF
2010-08-03 00:41:49 +00:00
Now try logging into the machine, with "ssh '$host'", and check in:
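Review bot: The remote command now ends with `test -x /sbin/restorecon && /sbin/restorecon ...`, so on a host without `/sbin/restorecon` its exit status is 1 and the local `|| exit 1` aborts ssh-copy-id after the key has already been appended. A failing `restorecon` is reported the same way, and when `restorecon` succeeds a failed `cat >> ~/.ssh/authorized_keys` is no longer reflected in the status at all. Keep the append as the command that decides success and make the relabel best-effort, for example `cat >> ~/.ssh/authorized_keys || exit 1; if test -x /sbin/restorecon; then /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys; fi`. An `if` with no branch taken returns 0, which is what a host without SELinux tooling should produce here.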
diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
--- openssh-5.6p1/Makefile.in.selabel 2010-08-23 12:47:39.000000000 +0200
+++ openssh-5.6p1/Makefile.in 2010-08-23 12:47:39.000000000 +0200
@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
2009-06-30 10:26:13 +00:00
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
2009-10-02 13:50:30 +00:00
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
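Review bot: `-lselinux` is hard-coded on the `ssh$(EXEEXT)` link line, so the client fails to link on any build host that lacks libselinux, whereas the `sshd$(EXEEXT)` rule in the same hunk takes its optional libraries from `$(SSHDLIBS)`. The flag should come from a variable that configure substitutes only when SELinux support was detected. The `#include <selinux/selinux.h>` and the new labelling calls added to ssh.c in this patch would need the matching preprocessor guard. If this patch is meant only for a distribution build where libselinux is always present, a comment on the rule saying so would make that assumption explicit.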
2010-08-03 00:41:49 +00:00
diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
--- openssh-5.6p1/ssh.c.selabel 2010-08-23 12:47:39.000000000 +0200
+++ openssh-5.6p1/ssh.c 2010-08-23 12:47:39.000000000 +0200
2009-06-30 10:26:13 +00:00
@@ -74,6 +74,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
#include <fipscheck.h>
+#include <selinux/selinux.h>
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
2010-08-03 00:41:49 +00:00
@@ -848,10 +849,15 @@ main(int ac, char **av)
2009-06-30 10:26:13 +00:00
*/
2009-07-17 07:06:59 +00:00
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
2009-06-30 10:26:13 +00:00
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
2009-07-17 07:06:59 +00:00
- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
2009-06-30 10:26:13 +00:00
+ char *scon;
+
+ matchpathcon(buf, 0700, &scon);
+ setfscreatecon(scon);
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
-
+ setfscreatecon(NULL);
+ }
/* load options.identity_files */
load_public_identity_files();
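Review bot: `scon` is declared uninitialized and handed to `setfscreatecon()` even when `matchpathcon()` fails, because the added block ignores that call's return value; on a lookup failure the process would set its file-creation context from an indeterminate pointer. The string that `matchpathcon()` allocates is also never released with `freecon()`, and the result of `setfscreatecon(scon)` is not checked, so a labelling failure is silent and the directory is created with the default context. The block should initialise `scon` to NULL, set the creation context only after a successful lookup, and free the context after resetting it. main() begins and ends outside this hunk.

```c
	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
		char *scon = NULL;

		/* Only switch the creation context when the lookup succeeded. */
		if (is_selinux_enabled() > 0 &&
		    matchpathcon(buf, 0700, &scon) == 0 &&
		    setfscreatecon(scon) < 0)
			debug("setfscreatecon failed for '%.200s'", buf);
		/* … unchanged: mkdir(buf, 0700) and its error() call … */
		if (scon != NULL) {
			/* Restore the default so later files are not labelled with it. */
			setfscreatecon(NULL);
			freecon(scon);
		}
	}
```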