use SELinux type sshd_net_t for [net] children (#915085)

This commit is contained in:
Petr Lautrbach 2013-02-24 16:36:18 +01:00
parent 2a7883d153
commit 338e71981d
2 changed files with 15 additions and 4 deletions


@ -247,7 +247,7 @@ diff -up openssh-5.9p1/sandbox-selinux.c.sesandbox openssh-5.9p1/sandbox-selinux
+void +void
+ssh_sandbox_privileged_child(struct ssh_sandbox *box) +ssh_sandbox_privileged_child(struct ssh_sandbox *box)
+{ +{
+ switch (ssh_selinux_change_context("sshd_sandbox_t")) { + switch (ssh_selinux_change_context("sshd_net_t")) {
+ case 0: + case 0:
+ debug3("selinux sandbox child sucessfully enabled"); + debug3("selinux sandbox child sucessfully enabled");
+ break; + break;
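Review bot: The target domain on the `switch` line is a bare literal, `"sshd_net_t"`, and the same literal is introduced again in privsep_preauth_child in sshd.c in the second file, so a future policy rename must be made in two places; a single shared macro, e.g. `#define SSH_SELINUX_NET_CONTEXT "sshd_net_t"` in a header both files include, would keep the two sites in step. The two sites also disagree on error handling: here the return value is inspected and 0 is treated as success, whereas the sshd.c hunk discards it, so a failed transition in the pre-auth child would go unreported there; `if (ssh_selinux_change_context("sshd_net_t") != 0) error("ssh_selinux_change_context failed");` would mirror this site. The context line `debug3("selinux sandbox child sucessfully enabled");` carries a typo that could be corrected to `successfully` while this function is being edited. ssh_sandbox_privileged_child's body continues outside the hunk.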


@ -75,9 +75,20 @@ diff -up openssh-6.1p1/session.c.privsep-selinux openssh-6.1p1/session.c
} }
diff -up openssh-6.1p1/sshd.c.privsep-selinux openssh-6.1p1/sshd.c diff -up openssh-6.1p1/sshd.c.privsep-selinux openssh-6.1p1/sshd.c
--- openssh-6.1p1/sshd.c.privsep-selinux 2012-11-05 14:46:39.335809209 +0100 --- openssh-6.1p1/sshd.c.privsep-selinux 2013-02-24 11:29:32.997823377 +0100
+++ openssh-6.1p1/sshd.c 2012-11-05 14:46:39.341809247 +0100 +++ openssh-6.1p1/sshd.c 2013-02-24 11:43:34.171182720 +0100
@@ -794,6 +794,13 @@ privsep_postauth(Authctxt *authctxt) @@ -653,6 +653,10 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */
demote_sensitive_data();
+#ifdef WITH_SELINUX
+ ssh_selinux_change_context("sshd_net_t");
+#endif
+
/* Change our root directory */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -794,6 +798,13 @@ privsep_postauth(Authctxt *authctxt)
do_setusercontext(authctxt->pw); do_setusercontext(authctxt->pw);
skip: skip: