1 --- openssh-3.6.1p2/session.c.selinux 2003-10-13 10:22:17.975083901 -0400
2 +++ openssh-3.6.1p2/session.c 2003-10-13 10:22:34.399253449 -0400
5 #include "monitor_wrap.h"
8 +#include <selinux/get_context_list.h>
9 +#include <selinux/selinux.h>
14 #include <sys/cygwin.h>
15 @@ -1268,6 +1273,18 @@
17 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
18 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
20 + if (is_selinux_enabled())
22 + security_context_t scontext;
23 + if (get_default_context(pw->pw_name,NULL,&scontext))
24 + fatal("Failed to get default security context for %s.", pw->pw_name);
25 + if (setexeccon(scontext)) {
26 + fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
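Review bot: The `if (is_selinux_enabled())` test at the top of the added block takes the enabled path for the library's -1 error return as well as for 1, so a failure to probe SELinux state is handled only by whatever `get_default_context` happens to do next. Make the three cases explicit, e.g. `int se = is_selinux_enabled(); if (se < 0) fatal("Cannot determine SELinux state."); if (se > 0) { ... }`; the same truthiness test opens the added block in sshpty.c. In the lines shown, `scontext` is not released after `setexeccon`, whereas the sshpty.c block frees each context with `freecon`; if the omitted lines do not already do so, add `freecon(scontext);`. Several lines of this hunk are missing from the page and the enclosing function begins and ends outside it, so both points should be checked against the full patch.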
34 --- openssh-3.6.1p2/sshpty.c.selinux 2003-02-23 19:54:10.000000000 -0500
35 +++ openssh-3.6.1p2/sshpty.c 2003-10-13 10:22:18.079072312 -0400
41 +#include <selinux/flask.h>
42 +#include <selinux/get_context_list.h>
43 +#include <selinux/selinux.h>
46 /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
47 #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
50 * Warn but continue if filesystem is read-only and the uids match/
51 * tty is owned by root.
54 + if (is_selinux_enabled()) {
55 + security_context_t new_tty_context=NULL,
56 + user_context=NULL, old_tty_context=NULL;
58 + if (get_default_context(pw->pw_name,NULL,&user_context))
59 + fatal("Failed to get default security context for %s.", pw->pw_name);
61 + if (getfilecon(ttyname, &old_tty_context)<0) {
62 + error("getfilecon(%.100s) failed: %.100s", ttyname,
67 + if ( security_compute_relabel(user_context,old_tty_context,SECCLASS_CHR_FILE,&new_tty_context)!=0) {
68 + error("security_compute_relabel(%.100s) failed: %.100s", ttyname,
73 + if (setfilecon (ttyname, new_tty_context) != 0) {
74 + error("setfilecon(%.100s, %s) failed: %.100s",
75 + ttyname, new_tty_context, strerror(errno));
77 + freecon(new_tty_context);
79 + freecon(old_tty_context);
81 + freecon(user_context);
84 if (stat(ttyname, &st))
85 fatal("stat(%.100s) failed: %.100s", ttyname,
88 ttyname, mode, strerror(errno));
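Review bot: The three labelling failures in the added block (`getfilecon`, `security_compute_relabel`, `setfilecon`) are reported with `error()` and, as far as the visible lines show, execution then continues into the existing `stat`/ownership code, so a session can start on a tty that still carries its previous label. Failure to obtain the user context is already fatal a few lines earlier; the relabel failures should be fatal too, at least when policy is enforcing, e.g. `if (security_getenforce() > 0) fatal("setfilecon(%.100s) failed: %.100s", ttyname, strerror(errno));`. A one-line comment stating why permissive mode is allowed to continue would record the intent. Lines are missing from this section on the page and the function starts and ends outside it, so the exact nesting of the error branches is inferred.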
93 --- openssh-3.6.1p2/Makefile.in.selinux 2003-04-29 05:12:08.000000000 -0400
94 +++ openssh-3.6.1p2/Makefile.in 2003-10-13 10:22:18.080072200 -0400
100 +CFLAGS=@CFLAGS@ -DWITH_SELINUX
101 CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
107 XAUTH_PATH=@XAUTH_PATH@
108 -LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
109 +LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ -lselinux
112 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
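Review bot: `-DWITH_SELINUX` and `-lselinux` are hard-wired into `CFLAGS` and `LDFLAGS`, so every build from this tree requires libselinux and the feature cannot be selected or detected by configure. A `-l` option placed in `LDFLAGS` also precedes the object files on the link line and can be discarded by linkers that resolve libraries in order; it belongs with the other libraries (conventionally the `LIBS` variable), and the define belongs in `CPPFLAGS`. If the C changes are guarded by `#ifdef WITH_SELINUX` (not visible on this page), a build that loses the define would silently drop the context labelling, so a configure check that fails loudly is preferable.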