openssh/openssh-5.9p1-privsep-selinux.patch

30 lines
858 B
Diff

diff --git a/session.c b/session.c
index 436ea48..49c9321 100644
--- a/session.c
+++ b/session.c
@@ -1561,6 +1561,13 @@ do_setusercontext(struct passwd *pw)
#endif
}
+#ifdef WITH_SELINUX
+ if (options.chroot_directory == NULL ||
+ strcasecmp(options.chroot_directory, "none") == 0) {
+ ssh_selinux_copy_context();
+ }
+#endif
+
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
/* When PAM is enabled we rely on it to do the nologin check */
if (!options.use_pam)
do_nologin(pw);
- do_setusercontext(pw);
+ /* We are already separated */
+ if (!use_privsep)
+ do_setusercontext(pw);
/*
* PAM session modules in do_setusercontext may have
* generated messages, so if this in an interactive