From: Damien Miller Date: Wed, 12 Jul 2023 01:41:19 +0000 (+1000) Subject: replace deprecate selinux matchpathcon function X-Git-Tag: V_9_4_P1~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c7203bcee4c4f98a22487b4631fe068b992099b;p=thirdparty%2Fopenssh-portable.git replace deprecate selinux matchpathcon function This function is apparently deprecated. Documentation on what is the supposed replacement is is non-existent, so this follows the approach glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59 ok dtucker@
---
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 77cb8213a..4ca8c2b71 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -34,6 +34,7 @@
 #ifdef WITH_SELINUX
 #include
+#include
 #include
 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -222,6 +223,7 @@ void
 ssh_selinux_setfscreatecon(const char *path)
 {
 char *context;
+ struct selabel_handle *shandle = NULL;
 if (!ssh_selinux_enabled())
 return;
@@ -229,8 +231,13 @@ ssh_selinux_setfscreatecon(const char *path)
 setfscreatecon(NULL);
 return;
 }
- if (matchpathcon(path, 0700, &context) == 0)
+ if ((shandle = selabel_open(SELABEL_CTX_FILE, NULL, 0)) == NULL) {
+ debug_f("selabel_open failed");
+ return;
+ }
+ if (selabel_lookup(shandle, &context, path, 0700) == 0)
 setfscreatecon(context);
+ selabel_close(shandle);
 }
 #endif /* WITH_SELINUX */
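Review bot: The label string that `selabel_lookup()` stores in `context` is never released in the last hunk: `selabel_close(shandle)` frees the handle, but libselinux expects the caller to free the returned context with `freecon()`. Bracing the lookup keeps the free on the success path, e.g. `if (selabel_lookup(shandle, &context, path, 0700) == 0) { setfscreatecon(context); freecon(context); }`. Separately, a failed `selabel_open()` is reported only through `debug_f`, and a failed lookup or a failed `setfscreatecon()` is not reported at all, so whatever the caller creates next presumably gets the default label with no trace at normal log levels. Including `strerror(errno)` in the message and logging the other two failures would make a mislabelled file diagnosable. The function begins in the previous hunk, and its callers are not visible here.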