openssh-selinux-pld.patch

   1 diff -urN openssh-3.9p1.org/session.c openssh-3.9p1/session.c
   2 --- openssh-3.9p1.org/session.c 2004-08-17 19:17:21.188103816 +0200
   3 +++ openssh-3.9p1/session.c     2004-08-17 19:21:15.548475624 +0200
   4 @@ -1310,15 +1310,23 @@
   5         if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
   6                 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
   7  #ifdef WITH_SELINUX
   8 -       if (is_selinux_enabled()>0)
   9 +       if (is_selinux_enabled() > 0)
  10           {
  11             security_context_t scontext;
  12 -           if (get_default_context(pw->pw_name,NULL,&scontext))
  13 -             fatal("Failed to get default security context for %s.", pw->pw_name);
  14 -           if (setexeccon(scontext)) {
  15 -             fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
  16 +           if (get_default_context(pw->pw_name,NULL,&scontext)) {
  17 +             if (security_getenforce() > 0)
  18 +                 fatal("Failed to get default security context for %s.", pw->pw_name);
  19 +             else
  20 +                 error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
  21 +           } else {
  22 +               if (setexeccon(scontext)) {
  23 +                   if (security_getenforce() > 0)
  24 +                       fatal("Failed to set exec security context %s for %s.", scontext, pw->pw_name);
  25 +                   else
  26 +                       error("Failed to set exec security context %s for %s (SELinux in permissive mode, continuing).", scontext, pw->pw_name);
  27 +               }
  28 +               freecon(scontext);
  29             }
  30 -           freecon(scontext);
  31           }
  32  #endif
  33  }
  34 diff -urN openssh-3.9p1.org/sshpty.c openssh-3.9p1/sshpty.c
  35 --- openssh-3.9p1.org/sshpty.c  2004-08-17 19:17:21.189103664 +0200
  36 +++ openssh-3.9p1/sshpty.c      2004-08-17 19:20:59.265950944 +0200
  37 @@ -207,8 +207,12 @@
  38                 security_context_t      new_tty_context=NULL,
  39                                         user_context=NULL,
  40                                         old_tty_context=NULL;
  41 -               if (get_default_context(pw->pw_name,NULL,&user_context))
  42 -                       fatal("Failed to get default security context for %s.", pw->pw_name);
  43 +               if (get_default_context(pw->pw_name,NULL,&user_context)) {
  44 +                       if (security_getenforce() > 0)
  45 +                               fatal("Failed to get default security context for %s.", pw->pw_name);
  46 +                       else
  47 +                               error("Failed to get default security context for %s (SELinux in permissive mode, continuing).", pw->pw_name);
  48 +               } else {
  49
  50                 if (getfilecon(tty, &old_tty_context)<0) {
  51                         error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
  52 @@ -225,6 +229,7 @@
  53                         freecon(old_tty_context);
  54                 }
  55                 freecon(user_context);
  56 +               }
  57         }
  58  #endif
  59