+++ /dev/null
-diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
---- openssh-3.9p1.org/session.c 2004-08-17 19:17:21.188103816 +0200
-+++ openssh-3.9p1/session.c 2004-08-17 19:21:15.548475624 +0200
-@@ -1310,15 +1310,23 @@
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
- #ifdef WITH_SELINUX
-- if (is_selinux_enabled()>0)
-+ if (is_selinux_enabled() > 0)
- {
- security_context_t scontext;
-- if (get_default_context(pw->pw_name,NULL,&scontext))
-- fatal("Failed to get default security context for %s.", pw->pw_name);
-- if (setexeccon(scontext)) {
-- fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+ if (get_default_context(pw->pw_name,NULL,&scontext)) {
-+ if (security_getenforce() > 0)
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+ else
-+ error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
-+ } else {
-+ if (setexeccon(scontext)) {
-+ if (security_getenforce() > 0)
-+ fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
-+ else
-+ error("Failed to set exec security context %s for %s (SELinux in permissive mode, continuing).", scontext, pw->pw_name);
-+ }
-+ freecon(scontext);
- }
-- freecon(scontext);
- }
- #endif
- }
-diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
---- openssh-3.9p1.org/sshpty.c 2004-08-17 19:17:21.189103664 +0200
-+++ openssh-3.9p1/sshpty.c 2004-08-17 19:20:59.265950944 +0200
-@@ -207,8 +207,12 @@
- security_context_t new_tty_context=NULL,
- user_context=NULL,
- old_tty_context=NULL;
-- if (get_default_context(pw->pw_name,NULL,&user_context))
-- fatal("Failed to get default security context for %s.", pw->pw_name);
-+ if (get_default_context(pw->pw_name,NULL,&user_context)) {
-+ if (security_getenforce() > 0)
-+ fatal("Failed to get default security context for %s.", pw->pw_name);
-+ else
-+ error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
-+ } else {
-
- if (getfilecon(tty, &old_tty_context)<0) {
- error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
-@@ -225,6 +229,7 @@
- freecon(old_tty_context);
- }
- freecon(user_context);
-+ }
- }
- #endif
-