30 lines
858 B
Diff
30 lines
858 B
Diff
diff --git a/session.c b/session.c
|
|
index 436ea48..49c9321 100644
|
|
--- a/session.c
|
|
+++ b/session.c
|
|
@@ -1561,6 +1561,13 @@ do_setusercontext(struct passwd *pw)
|
|
#endif
|
|
}
|
|
|
|
+#ifdef WITH_SELINUX
|
|
+ if (options.chroot_directory == NULL ||
|
|
+ strcasecmp(options.chroot_directory, "none") == 0) {
|
|
+ ssh_selinux_copy_context();
|
|
+ }
|
|
+#endif
|
|
+
|
|
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
|
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
|
}
|
|
@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
|
|
/* When PAM is enabled we rely on it to do the nologin check */
|
|
if (!options.use_pam)
|
|
do_nologin(pw);
|
|
- do_setusercontext(pw);
|
|
+ /* We are already separated */
|
|
+ if (!use_privsep)
|
|
+ do_setusercontext(pw);
|
|
/*
|
|
* PAM session modules in do_setusercontext may have
|
|
* generated messages, so if this in an interactive
|