author | Damien Miller <djm@mindrot.org> | 2010-03-26 11:04:09 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-26 11:04:09 +1100 |
commit | 8b90642fcf979737dc2f3152660b0561ec5b3a5d (patch) | |
tree | 0c83f7a0ce54b963801ac50e00f72d4c4f264e65 | |
parent | 44451d0af8ecbec2a17d47d75d3cca02d1239cf8 (diff) |
- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
Coker via Colin watson; bz#1726 ok dtucker@
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | session.c | 8 |
2 files changed, 7 insertions, 4 deletions
@@ -8,6 +8,9 @@ [servconf.c] from portable: getcwd(NULL, 0) doesn't work on all platforms, so use a stack buffer; ok dtucker@ + - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - + set up SELinux execution context before chroot() call. From Russell + Coker via Colin watson; bz#1726 ok dtucker@ 20100324 - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory @@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw) } #endif /* HAVE_SETPCRED */ +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif + if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, @@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw) if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); - -#ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); -#endif } static void |
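Review bot: The relocated `ssh_selinux_setup_exec_context(pw->pw_name);` call in the first session.c hunk has no comment recording that its position ahead of the chroot block is load-bearing, so a later cleanup could move it back after the uid drop and break ChrootDirectory on SELinux hosts again. I would add, above the new `#ifdef WITH_SELINUX`, something like `/* Must run before chroot(): the SELinux context setup needs resources outside the chroot. */`; the reason is inferred from the commit message rather than shown in the hunk. Nothing at the call site checks for failure, and the call now runs before both the chroot and the final uid check. The helper is defined outside this diff, so it is worth confirming that it fails closed when the context cannot be set, rather than letting the session continue under sshd's own context. do_setusercontext starts and ends outside the hunk, so whether the new position sits inside a root-only branch cannot be confirmed from here.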