SOURCES: openssh-selinux.patch - SELinux support merged; just fix ...

qboosh qboosh at pld-linux.org
Thu Oct 5 10:26:01 CEST 2006


Author: qboosh                       Date: Thu Oct  5 08:26:01 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- SELinux support merged; just fix selinux detection

---- Files affected:
SOURCES:
   openssh-selinux.patch (1.6 -> 1.7) 

---- Diffs:

================================================================
Index: SOURCES/openssh-selinux.patch
diff -u SOURCES/openssh-selinux.patch:1.6 SOURCES/openssh-selinux.patch:1.7
--- SOURCES/openssh-selinux.patch:1.6	Tue Aug 17 19:23:08 2004
+++ SOURCES/openssh-selinux.patch	Thu Oct  5 10:25:55 2006
@@ -1,110 +1,11 @@
-diff -urN openssh-3.9p1.org/Makefile.in openssh-3.9p1/Makefile.in
---- openssh-3.9p1.org/Makefile.in	2004-08-17 19:03:29.052607640 +0200
-+++ openssh-3.9p1/Makefile.in	2004-08-17 19:07:48.572154672 +0200
-@@ -40,7 +40,7 @@
- 
- CC=@CC@
- LD=@LD@
--CFLAGS=@CFLAGS@
-+CFLAGS=@CFLAGS@ -DWITH_SELINUX
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBPAM=@LIBPAM@
-@@ -134,7 +134,7 @@
- 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
- 
- sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
--	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
-+	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS) -lselinux
- 
- scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
- 	$(LD) -o $@ scp.o progressmeter.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
---- openssh-3.9p1.org/session.c	2004-08-17 19:03:29.189586816 +0200
-+++ openssh-3.9p1/session.c	2004-08-17 19:07:48.559156648 +0200
-@@ -66,6 +66,11 @@
- #include "ssh-gss.h"
- #endif
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- /* func */
- 
- Session *session_new(void);
-@@ -1304,6 +1309,18 @@
- #endif
- 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-+#ifdef WITH_SELINUX
-+	if (is_selinux_enabled()>0)
-+	  {
-+	    security_context_t scontext;
-+	    if (get_default_context(pw->pw_name,NULL,&scontext))
-+	      fatal("Failed to get default security context for %s.", pw->pw_name);
-+	    if (setexeccon(scontext)) {
-+	      fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+	    }
-+	    freecon(scontext);
-+	  }
-+#endif
- }
- 
- static void
-diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
---- openssh-3.9p1.org/sshpty.c	2004-08-17 19:03:29.219582256 +0200
-+++ openssh-3.9p1/sshpty.c	2004-08-17 19:15:00.180540224 +0200
-@@ -22,6 +22,12 @@
- #include "log.h"
- #include "misc.h"
- 
-+#ifdef WITH_SELINUX
-+#include <selinux/flask.h>
-+#include <selinux/get_context_list.h>
-+#include <selinux/selinux.h>
-+#endif
-+
- #ifdef HAVE_PTY_H
- # include <pty.h>
- #endif
-@@ -196,6 +202,32 @@
- 	 * Warn but continue if filesystem is read-only and the uids match/
- 	 * tty is owned by root.
- 	 */
-+#ifdef WITH_SELINUX
-+	if (is_selinux_enabled()>0) {
-+		security_context_t	new_tty_context=NULL,
-+					user_context=NULL,
-+					old_tty_context=NULL;
-+		if (get_default_context(pw->pw_name,NULL,&user_context))
-+			fatal("Failed to get default security context for %s.", pw->pw_name);
-+	
-+		if (getfilecon(tty, &old_tty_context)<0) {
-+			error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
-+		} else {
-+			if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
-+				error("security_compute_relabel(%.100s) failed: %.100s", tty, strerror(errno));
-+			} else {
-+				if (setfilecon (tty, new_tty_context) != 0) {
-+					error("setfilecon(%.100s, %s) failed: %.100s",
-+						tty, new_tty_context, strerror(errno));
-+				}
-+				freecon(new_tty_context);
-+			}
-+			freecon(old_tty_context);
-+		}
-+		freecon(user_context);
-+	}
-+#endif
-+					
- 	if (stat(tty, &st))
- 		fatal("stat(%.100s) failed: %.100s", tty,
- 		    strerror(errno));
-@@ -225,4 +257,5 @@
- 				    tty, (u_int)mode, strerror(errno));
- 		}
+--- openssh-4.4p1/openbsd-compat/port-linux.c.orig	2006-09-01 07:38:41.000000000 +0200
++++ openssh-4.4p1/openbsd-compat/port-linux.c	2006-10-05 10:21:21.445971000 +0200
+@@ -42,7 +42,7 @@
+ 	static int enabled = -1;
+ 
+ 	if (enabled == -1) {
+-		enabled = is_selinux_enabled();
++		enabled = (is_selinux_enabled() > 0);
+ 		debug("SELinux support %s", enabled ? "enabled" : "disabled");
  	}
-+
- }
+ 
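Review bot: The new assignment `enabled = (is_selinux_enabled() > 0);` folds libselinux's error return (-1) into 0, so a failed probe is cached as "disabled" for the life of the process and is reported only by the same `debug()` line a genuinely non-SELinux host produces. If callers gate the exec-context and tty relabel steps on this value, which the hunk does not show, a transient probe failure would silently skip them instead of failing closed. I would keep the raw result and make the error visible: `int r = is_selinux_enabled();`, `if (r < 0) error("is_selinux_enabled() failed; treating SELinux as disabled");`, `enabled = (r > 0);`. A short comment would also help, e.g. `/* is_selinux_enabled() returns -1 on error; normalise to 0/1 so the result never collides with the -1 "not yet probed" sentinel */`. The enclosing function starts and ends outside the hunk, so the return path could not be checked.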
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/openssh-selinux.patch?r1=1.6&r2=1.7&f=u


