- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -

set up SELinux execution context before chroot() call. From Russell
   Coker via Colin watson; bz#1726 ok dtucker@
This commit is contained in:
Damien Miller 2010-03-26 11:04:09 +11:00
parent 44451d0af8
commit 8b90642fcf
2 changed files with 7 additions and 4 deletions

View File

@ -8,6 +8,9 @@
[servconf.c]
from portable: getcwd(NULL, 0) doesn't work on all platforms, so
use a stack buffer; ok dtucker@
- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
Coker via Colin watson; bz#1726 ok dtucker@
20100324
- (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory

View File

@ -1551,6 +1551,10 @@ do_setusercontext(struct passwd *pw)
}
#endif /* HAVE_SETPCRED */
#ifdef WITH_SELINUX
ssh_selinux_setup_exec_context(pw->pw_name);
#endif
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
tmp = tilde_expand_filename(options.chroot_directory,
@ -1575,10 +1579,6 @@ do_setusercontext(struct passwd *pw)
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
#ifdef WITH_SELINUX
ssh_selinux_setup_exec_context(pw->pw_name);
#endif
}
static void