36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
diff -up openssh-5.9p1/session.c.privsep-selinux openssh-5.9p1/session.c
|
|
--- openssh-5.9p1/session.c.privsep-selinux 2012-08-01 15:36:33.397565915 +0200
|
|
+++ openssh-5.9p1/session.c 2012-08-02 18:18:15.038094629 +0200
|
|
@@ -1536,6 +1536,13 @@ do_setusercontext(struct passwd *pw)
|
|
/* Permanently switch to the desired uid. */
|
|
permanently_set_uid(pw);
|
|
#endif
|
|
+
|
|
+#ifdef WITH_SELINUX
|
|
+ if (options.chroot_directory == NULL ||
|
|
+ strcasecmp(options.chroot_directory, "none") == 0) {
|
|
+ ssh_selinux_copy_context();
|
|
+ }
|
|
+#endif
|
|
}
|
|
|
|
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
|
diff -up openssh-5.9p1/sshd.c.privsep-selinux openssh-5.9p1/sshd.c
|
|
--- openssh-5.9p1/sshd.c.privsep-selinux 2012-08-01 16:09:22.949423356 +0200
|
|
+++ openssh-5.9p1/sshd.c 2012-08-02 18:07:22.912225684 +0200
|
|
@@ -790,6 +790,14 @@ privsep_postauth(Authctxt *authctxt)
|
|
do_setusercontext(authctxt->pw);
|
|
|
|
skip:
|
|
+#ifdef WITH_SELINUX
|
|
+ /* switch SELinux content for root too */
|
|
+ if (authctxt->pw->pw_uid == 0 && (options.chroot_directory == NULL ||
|
|
+ strcasecmp(options.chroot_directory, "none") == 0)) {
|
|
+ ssh_selinux_copy_context();
|
|
+ }
|
|
+#endif
|
|
+
|
|
/* It is safe now to apply the key state */
|
|
monitor_apply_keystate(pmonitor);
|
|
|