adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem

2012-02-17 11:35:49 +01:00 · 2012-02-17 11:35:49 +01:00 · c3bb4552cf
commit c3bb4552cf
parent feb99ea644
1 changed files with 12 additions and 1 deletions
--- a/openssh-5.9p1-privsep-selinux.patch
+++ b/openssh-5.9p1-privsep-selinux.patch
@ -16,7 +16,7 @@ index 436ea48..49c9321 100644
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 }
-@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
+@@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
 		/* When PAM is enabled we rely on it to do the nologin check */
 		if (!options.use_pam)
 			do_nologin(pw);
@ -27,3 +27,14 @@ index 436ea48..49c9321 100644
 		/*
 		 * PAM session modules in do_setusercontext may have
 		 * generated messages, so if this in an interactive
+@@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
+ 		optind = optreset = 1;
+ 		__progname = argv[0];
+ #ifdef WITH_SELINUX
+-		if (options.chroot_directory == NULL ||
+-		    strcasecmp(options.chroot_directory, "none") == 0) {
+		if (!use_privsep &&
+		    (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
+ 			ssh_selinux_copy_context();
+ 		}
+ #endif