Fix handling SELinux context in MLS systems

This commit is contained in:
Jakub Jelen 2015-03-30 10:54:24 +02:00
parent 23bc31b25a
commit b8a0f7a5ea

View File

@ -875,3 +875,20 @@ diff -up openssh-6.8p1/sshd.c.role-mls openssh-6.8p1/sshd.c
#ifdef USE_PAM #ifdef USE_PAM
if (options.use_pam) { if (options.use_pam) {
do_pam_setcred(1); do_pam_setcred(1);
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 22ea8ef..2660085 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
debug3("%s: setting TTY context on %s", __func__, tty);
- user_ctx = ssh_selinux_getctxbyname(pwname);
+ if (getexeccon(&user_ctx) != 0) {
+ error("%s: getexeccon: %s", __func__, strerror(errno));
+ goto out;
+ }
+
/* XXX: should these calls fatal() upon failure in enforcing mode? */