authorDarren Tucker <dtucker@zip.com.au>2008-03-27 07:27:20 +1100
committerDarren Tucker <dtucker@zip.com.au>2008-03-27 07:27:20 +1100
commitb8eb586412f338dcee69639ae375d5f72e26a094 (patch)
tree01aae213b6980e733522d5c1fa235519aaf82649
parenta19390067474ab3a8ad806dbf551fd84164e78a4 (diff)
- (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
-rw-r--r--ChangeLog8
-rw-r--r--openbsd-compat/port-linux.c4
-rw-r--r--openbsd-compat/port-linux.h3
-rw-r--r--session.c5
4 files changed, 16 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index e943a830..45429881 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+
20080315
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
empty; report and patch from Peter Stuge
@@ -3765,4 +3771,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $
+$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 2f697e7d..ad262758 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -36,7 +36,7 @@
#include <selinux/get_context_list.h>
/* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
ssh_selinux_enabled(void)
{
static int enabled = -1;
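Review bot: With `static` dropped, the `static int enabled = -1;` sentinel becomes load-bearing, because session.c now depends on the first call fixing the answer before the chroot. The function body continues outside this hunk, so the following is inferred rather than seen: if the result of is_selinux_enabled() is stored directly and that call can report an error as -1, a failed first probe leaves the cache unset and the probe is repeated later, inside the chroot. It would be worth confirming how an error result is stored, and deciding explicitly whether an error counts as enabled or disabled. The comment above the function should also state the new contract, e.g. `/* Wrapper around is_selinux_enabled(): caches and logs the result on first call; call once before chroot() so the answer stays valid afterwards */`.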
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 05e520e1..5cd39bf8 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -20,6 +20,7 @@
#define _PORT_LINUX_H
#ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
#endif
diff --git a/session.c b/session.c
index 92282f92..54621a4c 100644
--- a/session.c
+++ b/session.c
@@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw)
{
char *chroot_path, *tmp;
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
#ifndef HAVE_CYGWIN
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
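Review bot: The comment `/* Cache selinux status for later use */` does not say why the call has to sit at the top of do_setusercontext(), yet the ordering is the whole point of the change. According to the commit message, the status must be read before the chroot so that later checks still know whether selinux is enabled. A `(void)` call whose result is discarded looks like dead code and is easy to move or delete during cleanup, which would silently change how the later selinux setup behaves for chrooted sessions. I would make the dependency explicit: `/* Must run before chroot(): probes the selinux status once and caches it; checks made after the chroot reuse this answer */`. The function body continues outside the hunk, so how far this call sits from the chroot itself is not visible here.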