From c3bb4552cf6452a4cdd3dde0535f075114670ad9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Feb 17 2012 10:35:49 +0000
Subject: adjust openssh-5.9p1-privsep-selinux.patch also for internal sftp subsystem
---
diff --git a/openssh-5.9p1-privsep-selinux.patch b/openssh-5.9p1-privsep-selinux.patch
index 96143ed..7819a46 100644
--- a/openssh-5.9p1-privsep-selinux.patch
+++ b/openssh-5.9p1-privsep-selinux.patch
@@ -16,7 +16,7 @@ index 436ea48..49c9321 100644
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 }
-@@ -1693,7 +1700,9 @@ do_child(Session *s, const char *command)
+@@ -1670,7 +1677,9 @@ do_child(Session *s, const char *command
 /* When PAM is enabled we rely on it to do the nologin check */
 if (!options.use_pam)
 do_nologin(pw);
@@ -27,3 +27,14 @@ index 436ea48..49c9321 100644
 /*
 * PAM session modules in do_setusercontext may have
 * generated messages, so if this in an interactive
+@@ -1791,8 +1800,8 @@ do_child(Session *s, const char *command
+ optind = optreset = 1;
+ __progname = argv[0];
+ #ifdef WITH_SELINUX
+- if (options.chroot_directory == NULL ||
+- strcasecmp(options.chroot_directory, "none") == 0) {
++ if (!use_privsep &&
++ (options.chroot_directory == NULL || strcasecmp(options.chroot_directory, "none") == 0)) {
+ ssh_selinux_copy_context();
+ }
+ #endif
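Review bot: The new `!use_privsep &&` guard in the added session.c hunk (the `#ifdef WITH_SELINUX` block after `__progname = argv[0];` in do_child) carries no comment saying why ssh_selinux_copy_context() is skipped when privilege separation is on, and the commit subject does not explain it either. With the guard in place, a privsep session without a chroot directory passes `#endif` without this call, so the SELinux context it continues under depends on a step that is not visible in this hunk; presumably that is the earlier privsep context setup, which should be confirmed. I would put a comment above the `if`, such as `/* with privsep the SELinux context is set up before do_child(); copy it here only for the non-privsep case */`, worded to match what the rest of the patch actually does. The combined condition on the second `++` line also runs well past 80 columns and could keep the wrap after `||` that the removed lines had. do_child's body starts and ends outside the hunk.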