- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)

openssh-5.6p1-selabel.patch

@@ -33,7 +33,7 @@ diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
-@@ -848,10 +849,15 @@ main(int ac, char **av)
+@@ -848,10 +849,17 @@ main(int ac, char **av)
  	 */
  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
@@ -41,8 +41,10 @@ diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
 +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 +		char *scon;
 +
-+		matchpathcon(buf, 0700, &scon);
-+		setfscreatecon(scon);
++		if (matchpathcon(buf, 0700, &scon) != -1) {
++			setfscreatecon(scon);
++			matchpathcon_fini();
++		}
  		if (mkdir(buf, 0700) < 0)
  			error("Could not create directory '%.200s'.", buf);
 -

openssh.spec

@@ -71,7 +71,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 3
+%define openssh_rel 4
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 27
 
@@ -581,6 +581,9 @@ fi
 %endif
 
 %changelog
+* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-4 + 0.9.2-27
+- Tweaking selabel batch to work properly without selinux rules loaded. (#632914)
+
 * Wed Sep  8 2010 Tomas Mraz <tmraz@redhat.com> - 5.6p1-3 + 0.9.2-27
 - Make fipscheck hmacs compliant with FHS - requires new fipscheck