replace deprecate selinux matchpathcon function

This function is apparently deprecated. Documentation on what is the supposed replacement is is non-existent, so this follows the approach glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59 ok dtucker@
2023-07-12 11:41:19 +10:00 · 2023-07-12 11:41:19 +10:00 · 8c7203bcee
parent 7e8800f5d7
commit 8c7203bcee
1 changed files with 8 additions and 1 deletions
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@ -34,6 +34,7 @@

 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/label.h>
 #include <selinux/get_context_list.h>

 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@ -222,6 +223,7 @@ void
 ssh_selinux_setfscreatecon(const char *path)
 {
 	char *context;
+	struct selabel_handle *shandle = NULL;

 	if (!ssh_selinux_enabled())
 		return;
@ -229,8 +231,13 @@ ssh_selinux_setfscreatecon(const char *path)
 		setfscreatecon(NULL);
 		return;
 	}
-	if (matchpathcon(path, 0700, &context) == 0)
+	if ((shandle = selabel_open(SELABEL_CTX_FILE, NULL, 0)) == NULL) {
+		debug_f("selabel_open failed");
+		return;
+	}
+	if (selabel_lookup(shandle, &context, path, 0700) == 0)
 		setfscreatecon(context);
+	selabel_close(shandle);
 }

 #endif /* WITH_SELINUX */