From b8a0f7a5ea8a9ae766a2765102c0dac772ede0b5 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Mar 30 2015 09:48:11 +0000
Subject: Fix handling SELinux context in MLS systems
---
diff --git a/openssh-6.6p1-role-mls.patch b/openssh-6.6p1-role-mls.patch
index e058f1e..da164d3 100644
--- a/openssh-6.6p1-role-mls.patch
+++ b/openssh-6.6p1-role-mls.patch
@@ -875,3 +875,20 @@ diff -up openssh-6.8p1/sshd.c.role-mls openssh-6.8p1/sshd.c
 #ifdef USE_PAM
 if (options.use_pam) {
 do_pam_setcred(1);
+diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
+index 22ea8ef..2660085 100644
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -116,7 +116,11 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
+
+ debug3("%s: setting TTY context on %s", __func__, tty);
+
+- user_ctx = ssh_selinux_getctxbyname(pwname);
++ if (getexeccon(&user_ctx) != 0) {
++ error("%s: getexeccon: %s", __func__, strerror(errno));
++ goto out;
++ }
++
+
+ /* XXX: should these calls fatal() upon failure in enforcing mode? */
+
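Review bot: getexeccon() can return 0 and still leave `user_ctx` NULL when no exec context has been set for the calling process, and the check added in the embedded port-linux.c hunk only covers a non-zero return. The rest of ssh_selinux_setup_pty() lies outside the hunk, so whether the later relabel code tolerates a NULL context is not visible here; an explicit guard right after the call would make it safe either way, e.g. `if (user_ctx == NULL) { error("%s: no exec context set", __func__); goto out; }`. The new code also presumably depends on the exec context having been set earlier in the same process, which deserves a comment such as `/* relies on setexeccon() having run before PTY setup; the TTY is labelled from the exec context so the MLS level matches the session */`. `pwname` is no longer used in the visible lines, and the extra blank line added after the closing brace leaves two consecutive empty lines.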