]>
Commit | Line | Data |
---|---|---|
99b5700c AM |
1 | diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c |
2 | --- openssh-3.9p1.org/session.c 2004-08-17 19:17:21.188103816 +0200 | |
3 | +++ openssh-3.9p1/session.c 2004-08-17 19:21:15.548475624 +0200 | |
4 | @@ -1310,15 +1310,23 @@ | |
424d4b74 AM |
5 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |
6 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | |
7 | #ifdef WITH_SELINUX | |
c228aa77 | 8 | - if (is_selinux_enabled()>0) |
424d4b74 AM |
9 | + if (is_selinux_enabled() > 0) |
10 | { | |
11 | security_context_t scontext; | |
12 | - if (get_default_context(pw->pw_name,NULL,&scontext)) | |
13 | - fatal("Failed to get default security context for %s.", pw->pw_name); | |
14 | - if (setexeccon(scontext)) { | |
15 | - fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name); | |
16 | + if (get_default_context(pw->pw_name,NULL,&scontext)) { | |
99b5700c | 17 | + if (security_getenforce() > 0) |
424d4b74 AM |
18 | + fatal("Failed to get default security context for %s.", pw->pw_name); |
19 | + else | |
20 | + error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name); | |
21 | + } else { | |
22 | + if (setexeccon(scontext)) { | |
99b5700c | 23 | + if (security_getenforce() > 0) |
424d4b74 AM |
24 | + fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name); |
25 | + else | |
26 | + error("Failed to set exec security context %s for %s (SELinux in permissive mode, continuing).", scontext, pw->pw_name); | |
27 | + } | |
28 | + freecon(scontext); | |
29 | } | |
30 | - freecon(scontext); | |
31 | } | |
32 | #endif | |
33 | } | |
99b5700c AM |
34 | diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c |
35 | --- openssh-3.9p1.org/sshpty.c 2004-08-17 19:17:21.189103664 +0200 | |
36 | +++ openssh-3.9p1/sshpty.c 2004-08-17 19:20:59.265950944 +0200 | |
37 | @@ -207,8 +207,12 @@ | |
38 | security_context_t new_tty_context=NULL, | |
39 | user_context=NULL, | |
40 | old_tty_context=NULL; | |
41 | - if (get_default_context(pw->pw_name,NULL,&user_context)) | |
42 | - fatal("Failed to get default security context for %s.", pw->pw_name); | |
43 | + if (get_default_context(pw->pw_name,NULL,&user_context)) { | |
44 | + if (security_getenforce() > 0) | |
45 | + fatal("Failed to get default security context for %s.", pw->pw_name); | |
46 | + else | |
47 | + error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name); | |
48 | + } else { | |
49 | ||
50 | if (getfilecon(tty, &old_tty_context)<0) { | |
51 | error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno)); | |
52 | @@ -225,6 +229,7 @@ | |
53 | freecon(old_tty_context); | |
54 | } | |
55 | freecon(user_context); | |
56 | + } | |
424d4b74 AM |
57 | } |
58 | #endif | |
99b5700c | 59 |