- (dtucker) Cache selinux status earlier so we know if it's enabled after a

chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
2008-03-27 07:27:20 +11:00 · 2008-03-27 07:27:20 +11:00 · b8eb586412
parent a193900674
commit b8eb586412
4 changed files with 16 additions and 4 deletions
--- a/8
+++ b/8
@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+   chroot.  Allows ChrootDirectory to work with selinux support compiled in
+   but not enabled.  Using it with selinux enabled will require some selinux
+   support inside the chroot.  "looks sane" djm@
+
 20080315
 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
   empty; report and patch from Peter Stuge
@ -3765,4 +3771,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $
+$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */

 /*
 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@ -36,7 +36,7 @@
 #include <selinux/get_context_list.h>

 /* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
 ssh_selinux_enabled(void)
 {
 	static int enabled = -1;
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */

 /*
 * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@ -20,6 +20,7 @@
 #define _PORT_LINUX_H

 #ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 #endif
--- a/session.c
+++ b/session.c
@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw)
 {
 	char *chroot_path, *tmp;

+#ifdef WITH_SELINUX
+	/* Cache selinux status for later use */
+	(void)ssh_selinux_enabled();
+#endif
+
 #ifndef HAVE_CYGWIN
 	if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */