- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled

   before attempting setfscreatecon(). Check whether matchpathcon()
   succeeded before using its result. Patch from cjwatson AT debian.org;
   bz#1851

diff --git a/ChangeLog b/ChangeLog
index 79e93eea5127e1d2bd0976755b2fe4cd36f4226a..a69ed9fdeee9bc0bc7702bdc13b7837ba8fb6359 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20110128
+ - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
+   before attempting setfscreatecon(). Check whether matchpathcon()
+   succeeded before using its result. Patch from cjwatson AT debian.org;
+   bz#1851
+
 20110127
  - (tim) [config.guess config.sub] Sync with upstream.
  - (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index b152efc2955bb02f18272ea89783788208330ea8..eb280e616601767eb7d5f7e2375b2ef0c2868089 100644 (file)
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
+/* $Id: port-linux.c,v 1.13 2011/01/27 23:30:20 djm Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -209,13 +209,15 @@ ssh_selinux_change_context(const char *newname)
 void
 ssh_selinux_setfscreatecon(const char *path)
 {
-               security_context_t context;
+       security_context_t context;
 
-               if (path == NULL) {
-                       setfscreatecon(NULL);
-                       return;
-               }
-               matchpathcon(path, 0700, &context);
+       if (!ssh_selinux_enabled())
+               return;
+       if (path == NULL)
+               setfscreatecon(NULL);
+               return;
+       }
+       if (matchpathcon(path, 0700, &context) == 0)
                setfscreatecon(context);
 }