author | des <des@FreeBSD.org> | 2011-10-05 22:08:17 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2011-10-05 22:08:17 +0000 |
commit | 038442ad80c21a07c19532a176030e2ca51fdd9d (patch) | |
tree | 654e40360db9b6bb67928b3a5c1b5dbd84925000 /crypto/openssh/openbsd-compat/port-linux.c | |
parent | 2276ee273397e0ccd5c7911848e3de9bd91fb1c2 (diff) | |
parent | a9c7316f0b012b7e85d1a1c4d8b6ce36b9fd9604 (diff) | |
Upgrade to OpenSSH 5.9p1.
MFC after: 3 months
Diffstat (limited to 'crypto/openssh/openbsd-compat/port-linux.c')
-rw-r--r-- | crypto/openssh/openbsd-compat/port-linux.c | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c
index fe6fc2d..ea8dff4 100644
--- a/crypto/openssh/openbsd-compat/port-linux.c
+++ b/crypto/openssh/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.16 2011/08/29 06:09:57 djm Exp $ */
 
 /*
 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -38,6 +38,10 @@
 #include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
+#ifndef SSH_SELINUX_UNCONFINED_TYPE
+# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
+#endif
+
 /* Wrapper around is_selinux_enabled() to log its return value once only */
 int
 ssh_selinux_enabled(void)
@@ -177,12 +181,13 @@ ssh_selinux_change_context(const char *newname)
 {
 int len, newlen;
 char *oldctx, *newctx, *cx;
+ void (*switchlog) (const char *fmt,...) = logit;
 
 if (!ssh_selinux_enabled())
 return;
 
 if (getcon((security_context_t *)&oldctx) < 0) {
- logit("%s: getcon failed with %s", __func__, strerror (errno));
+ logit("%s: getcon failed with %s", __func__, strerror(errno));
 return;
 }
 if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
@@ -191,6 +196,14 @@ ssh_selinux_change_context(const char *newname)
 return;
 }
 
+ /*
+ * Check whether we are attempting to switch away from an unconfined
+ * security context.
+ */
+ if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
+ sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
+ switchlog = debug3;
+
 newlen = strlen(oldctx) + strlen(newname) + 1;
 newctx = xmalloc(newlen);
 len = cx - oldctx + 1;
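Review bot: `switchlog` is declared as a bare `void (*)(const char *fmt,...)`, so the call made through it in the last hunk is not covered by whatever printf-format checking the compiler applies to direct `logit`/`debug3` calls. If the supported compilers allow it, declare it as `void (*switchlog)(const char *fmt, ...) __attribute__((format(printf, 1, 2))) = logit;` so a mismatched `%s` count is caught at build time. The format string at the call site is a literal with four `%s` and four arguments, so this is a hardening point rather than a defect. The function body continues outside this hunk.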
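Review bot: The comment added above the `strncmp` says what is tested but not why a match selects `debug3`, and that choice has a security-relevant effect: when the old context's type is `unconfined_t`, a failed `setcon()` in the last hunk (`switchlog(...)`) is reported only through `debug3`, which a default log level presumably hides, while the process carries on in its old context. I would state the reason and the consequence in the comment, for example (if that is the intent) `* Such a switch may be denied by policy, so a failure is logged at debug3 only and the process stays in the old context.` The pattern `":unconfined_t:"` also needs a field after the type, so a context that ends at the type would not match and keeps the `logit` path; presumably acceptable, but worth a word in the comment. The function begins and ends outside this hunk.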
@@ -198,10 +211,11 @@ ssh_selinux_change_context(const char *newname)
 strlcpy(newctx + len, newname, newlen - len);
 if ((cx = index(cx + 1, ':')))
 strlcat(newctx, cx, newlen);
- debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
- newctx);
+ debug3("%s: setting context from '%s' to '%s'", __func__,
+ oldctx, newctx);
 if (setcon(newctx) < 0)
- logit("%s: setcon failed with %s", __func__, strerror (errno));
+ switchlog("%s: setcon %s from %s failed with %s", __func__,
+ newctx, oldctx, strerror(errno));
 xfree(oldctx);
 xfree(newctx);
 }
|