40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
diff -up openssh-6.1p1/session.c.privsep-selinux openssh-6.1p1/session.c
|
|
--- openssh-6.1p1/session.c.privsep-selinux 2012-09-15 13:45:26.079476022 +0200
|
|
+++ openssh-6.1p1/session.c 2012-09-15 13:45:28.460522390 +0200
|
|
@@ -1513,6 +1513,7 @@ do_setusercontext(struct passwd *pw)
|
|
|
|
platform_setusercontext_post_groups(pw);
|
|
|
|
+
|
|
if (options.chroot_directory != NULL &&
|
|
strcasecmp(options.chroot_directory, "none") != 0) {
|
|
tmp = tilde_expand_filename(options.chroot_directory,
|
|
@@ -1536,6 +1537,10 @@ do_setusercontext(struct passwd *pw)
|
|
/* Permanently switch to the desired uid. */
|
|
permanently_set_uid(pw);
|
|
#endif
|
|
+
|
|
+#ifdef WITH_SELINUX
|
|
+ ssh_selinux_copy_context();
|
|
+#endif
|
|
}
|
|
|
|
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
|
diff -up openssh-6.1p1/sshd.c.privsep-selinux openssh-6.1p1/sshd.c
|
|
--- openssh-6.1p1/sshd.c.privsep-selinux 2012-09-15 13:45:26.062475676 +0200
|
|
+++ openssh-6.1p1/sshd.c 2012-09-15 13:45:28.467522539 +0200
|
|
@@ -794,6 +794,13 @@ privsep_postauth(Authctxt *authctxt)
|
|
do_setusercontext(authctxt->pw);
|
|
|
|
skip:
|
|
+#ifdef WITH_SELINUX
|
|
+ /* switch SELinux content for root too */
|
|
+ if (authctxt->pw->pw_uid == 0) {
|
|
+ ssh_selinux_copy_context();
|
|
+ }
|
|
+#endif
|
|
+
|
|
/* It is safe now to apply the key state */
|
|
monitor_apply_keystate(pmonitor);
|
|
|