From 0b639bf6eaa2bfec78231e9e2dad445bde758796 Mon Sep 17 00:00:00 2001
From: dtucker
Date: Wed, 26 Mar 2008 20:27:20 +0000
Subject: [PATCH] - (dtucker) Cache selinux status earlier so we know if it's enabled after a chroot. Allows ChrootDirectory to work with selinux support compiled in but not enabled. Using it with selinux enabled will require some selinux support inside the chroot. "looks sane" djm@
---
 ChangeLog | 6 ++++++
 openbsd-compat/port-linux.c | 2 +-
 openbsd-compat/port-linux.h | 1 +
 session.c | 5 +++++
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index ea5d59a4..39708038 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+
 20080315
 - (djm) [regress/test-exec.sh] Quote putty-related variables in case they are empty; report and patch from Peter Stuge
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 45615eab..2e7970e6 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -36,7 +36,7 @@
 #include
 /* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
 ssh_selinux_enabled(void)
 {
 static int enabled = -1;
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index ccb42dfc..36edd554 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -20,6 +20,7 @@
 #define _PORT_LINUX_H
 #ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
 void ssh_selinux_setup_pty(char *, const char *);
 void ssh_selinux_setup_exec_context(char *);
 #endif
diff --git a/session.c b/session.c
index 92282f92..54621a4c 100644
--- a/session.c
+++ b/session.c
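Review bot: In openbsd-compat/port-linux.c the now-exported `ssh_selinux_enabled()` keeps `static int enabled = -1;` as its "not yet queried" marker, which is_selinux_enabled() has historically also returned on error. The function body continues outside the hunk, so this is inferred: if an error result is stored as-is, nothing is cached, the query would be repeated after the chroot where it may no longer work, and callers testing for non-zero would read the error as "enabled". Since session.c now depends on the cached value, I would map an error to an explicit 0 or 1 before storing it and record that in the header comment, e.g. `/* Cached on first call; -1 means not yet queried, so an error return must be mapped to 0 or 1 before it is stored */`.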
@@ -1345,6 +1345,11 @@ do_setusercontext(struct passwd *pw)
 {
 char *chroot_path, *tmp;
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
 #ifndef HAVE_CYGWIN
 if (getuid() == 0 || geteuid() == 0)
 #endif /* HAVE_CYGWIN */
-- 
2.45.1
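Review bot: The call added at the top of do_setusercontext() exists only for its side effect, and the comment `/* Cache selinux status for later use */` does not say that its position relative to the chroot is the whole point. Per the commit message the status has to be fetched before the chroot, so a later refactor that moves this block below the chroot code would silently bring the original failure back. I would make the constraint explicit, e.g. `/* Must run before chroot(): cache the SELinux status while it can still be queried */`. The chroot call and the rest of the function are outside this hunk, so the ordering should be confirmed against the full body.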