9d8fd3ad SS |
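--- a/openssh-5.9p0/openbsd-compat/port-linux.c
+++ b/openssh-5.9p0/openbsd-compat/port-linux.c
@@ -503,6 +503,23 @@ ssh_selinux_change_context(const char *n
 xfree(newctx);
 }
 
+void
+ssh_selinux_copy_context(void)
+{
+ char *ctx;
+
+ if (!ssh_selinux_enabled())
+ return;
+
+ if (getexeccon((security_context_t *)&ctx) < 0) {
+ logit("%s: getcon failed with %s", __func__, strerror (errno));
+ return;
+ }
+ if (setcon(ctx) < 0)
+ logit("%s: setcon failed with %s", __func__, strerror (errno));
+ xfree(ctx);
+}
+
 #endif /* WITH_SELINUX */
 
 #ifdef LINUX_OOM_ADJUST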
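Review bot: In `ssh_selinux_copy_context`, a successful `getexeccon()` leaves `ctx` NULL when no exec context has been set for the process, and the new code then hands that NULL to `setcon()` and `xfree()`. Add `if (ctx == NULL) return;` after the error check, and release the string with `freecon(ctx)`, the libselinux call for freeing contexts, instead of `xfree(ctx)`. How `xfree` in this tree treats a NULL argument is not visible here and should be confirmed. The first log message says `getcon failed` although the call is `getexeccon`, which will mislead anyone reading sshd logs after a failed transition; `"%s: getexeccon failed with %s"` matches the code.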
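--- a/openssh-5.9p0/openbsd-compat/port-linux.h
+++ b/openssh-5.9p0/openbsd-compat/port-linux.h
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 void ssh_selinux_change_context(const char *);
+void ssh_selinux_chopy_context(void);
 void ssh_selinux_setfscreatecon(const char *);
 #endif
 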
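Review bot: The added prototype is spelled `ssh_selinux_chopy_context`, but port-linux.c defines `ssh_selinux_copy_context` and session.c calls it under that name. The function the SELinux transition depends on is therefore used without a declaration in scope, so the compiler checks neither its arguments nor its return type. The line should read `void ssh_selinux_copy_context(void);`.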
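--- a/openssh-5.9p0/session.c
+++ b/openssh-5.9p0/session.c
@@ -1519,6 +1519,9 @@ do_setusercontext(struct passwd *pw)
 pw->pw_uid);
 chroot_path = percent_expand(tmp, "h", pw->pw_dir,
 "u", pw->pw_name, (char *)NULL);
+#ifdef WITH_SELINUX
+ ssh_selinux_change_context("chroot_user_t");
+#endif
 safely_chroot(chroot_path, pw->pw_uid);
 free(tmp);
 free(chroot_path);
@@ -1788,7 +1791,10 @@ do_child(Session *s, const char *command
 optind = optreset = 1;
 __progname = argv[0];
 #ifdef WITH_SELINUX
- ssh_selinux_change_context("sftpd_t");
+ if (options.chroot_directory == NULL ||
+ strcasecmp(options.chroot_directory, "none") == 0) {
+ ssh_selinux_copy_context();
+ }
 #endif
 exit(sftp_server_main(i, argv, s->pw));
 }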
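Review bot: The replacement for the `sftpd_t` transition in the `do_child` hunk cannot fail visibly: `ssh_selinux_copy_context()` returns `void` and only calls `logit`. If `getexeccon` or `setcon` fails, `sftp_server_main` still runs in whatever domain the sshd child already had. Consider having the helper report failure so this call site can refuse to start the internal sftp server when SELinux is enforcing. When `ChrootDirectory` is set, no transition happens here at all, and confinement rests on the `chroot_user_t` change in `do_setusercontext`, whose failure handling is not visible in these hunks. A comment such as `/* chrooted sessions were already moved to chroot_user_t in do_setusercontext() */` above the `if` would make that dependency explicit. Both functions start and end outside the hunks shown.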