
(-)Makefile.in (-1 / +2 lines)
Lines 43-48 LD=@LD@ Link Here
43
CFLAGS=@CFLAGS@
43
CFLAGS=@CFLAGS@
44
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
44
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
45
LIBS=@LIBS@
45
LIBS=@LIBS@
46
LIBSELINUX=@LIBSELINUX@
46
LIBEDIT=@LIBEDIT@
47
LIBEDIT=@LIBEDIT@
47
LIBPAM=@LIBPAM@
48
LIBPAM=@LIBPAM@
48
LIBWRAP=@LIBWRAP@
49
LIBWRAP=@LIBWRAP@
Lines 136-142 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS Link Here
136
	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
137
	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
137
138
138
sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
139
sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
139
	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBS)
140
	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBS)
140
141
141
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
142
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
142
	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
143
	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
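--- a/configure.ac
+++ b/configure.ac
@@ -3000,6 +3000,23 @@ int main()
 			[#include <arpa/nameser.h>])
 	])
 
+# Check whether user wants SELinux support
+SELINUX_MSG="no"
+LIBSELINUX=""
+AC_ARG_WITH(selinux,
+	[  --with-selinux   Enable SELinux support],
+	[ if test "x$withval" != "xno" ; then
+		AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.])
+		SELINUX_MSG="yes"
+		AC_CHECK_HEADER([selinux/selinux.h], ,
+		    AC_MSG_ERROR(SELinux support requires selinux.h header))
+		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
+		    AC_MSG_ERROR(SELinux support requires libselinux library))
+		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
+	fi ]
+)
+AC_SUBST(LIBSELINUX)
+
 # Check whether user wants Kerberos 5 support
 KRB5_MSG="no"
 AC_ARG_WITH(kerberos5,
@@ -3818,6 +3835,7 @@ fi
 echo "                    Manpage format: $MANTYPE"
 echo "                       PAM support: $PAM_MSG"
 echo "                 KerberosV support: $KRB5_MSG"
+echo "                   SELinux support: $SELINUX_MSG"
 echo "                 Smartcard support: $SCARD_MSG"
 echo "                     S/KEY support: $SKEY_MSG"
 echo "              TCP Wrappers support: $TCPW_MSG"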
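Review bot: The header probe `AC_CHECK_HEADER([selinux/selinux.h], ...)` only covers selinux.h, while the new port-linux.c in this patch also includes selinux/flask.h (for SECCLASS_CHR_FILE) and selinux/get_context_list.h (for get_default_context*), so an installation missing either of those fails at compile time instead of at configure time with the intended message. Consider probing all three, e.g. `AC_CHECK_HEADERS([selinux/selinux.h selinux/flask.h selinux/get_context_list.h], , AC_MSG_ERROR(SELinux support requires the libselinux headers))`. The AC_CHECK_LIB probe on setexeccon is enough to confirm that -lselinux links, so no change is needed there.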
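--- a/session.c
+++ b/session.c
@@ -1352,6 +1352,10 @@ do_setusercontext(struct passwd *pw)
 #endif
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
+
+#ifdef WITH_SELINUX
+	ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
 }
 
 static void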
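Review bot: The new `ssh_selinux_setup_exec_context(pw->pw_name);` call has no comment saying why it is placed after the uid verification rather than before the privilege drop, and per the port-linux.c in this patch the call fatal()s in enforcing mode, so a failure here ends the session with uids already switched. As I understand libselinux, setexeccon() only affects the next execve(), which is why placing it last is harmless, but that reasoning should be visible at the call site; suggest `/* Set the SELinux exec context for the user's shell; a failure in enforcing mode is fatal, so do it only after the uid switch has been verified. */` above the #ifdef. do_setusercontext() begins outside the hunk.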
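--- a/sshpty.c
+++ b/sshpty.c
@@ -210,6 +210,10 @@ pty_setowner(struct passwd *pw, const ch
 		fatal("stat(%.100s) failed: %.100s", tty,
 		    strerror(errno));
 
+#ifdef WITH_SELINUX
+	ssh_selinux_setup_pty(pw->pw_name, tty);
+#endif
+
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 		if (chown(tty, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&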
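Review bot: The relabel inserted before the ownership check is best-effort, but nothing at this call site says so: in the port-linux.c of this patch ssh_selinux_setup_pty() only calls error() when getfilecon(), security_compute_relabel() or setfilecon() fail (its own XXX comment questions that), so in enforcing mode the session continues with a tty that may still carry the old label. A comment here would make the contract visible, e.g. `/* Best effort: relabel the tty for the user; failures are logged by ssh_selinux_setup_pty(), not fatal. */`. The relabel also operates on the path `tty` rather than on a descriptor, the same as the chown() below, so it accepts the same path-based window the existing code already does. pty_setowner() starts outside the hunk.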
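--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -35,6 +35,9 @@ do_rsa1_keygen() {
 		if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $RSA1_KEY
 			chmod 644 $RSA1_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA1_KEY.pub
+			fi
 			success $"RSA1 key generation"
 			echo
 		else
@@ -51,6 +54,9 @@ do_rsa_keygen() {
 		if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $RSA_KEY
 			chmod 644 $RSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA_KEY.pub
+			fi
 			success $"RSA key generation"
 			echo
 		else
@@ -67,6 +73,9 @@ do_dsa_keygen() {
 		if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
 			chmod 600 $DSA_KEY
 			chmod 644 $DSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $DSA_KEY.pub
+			fi
 			success $"DSA key generation"
 			echo
 		else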
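Review bot: In each of the three hunks restorecon is run only on the public key (`$RSA1_KEY.pub`, `$RSA_KEY.pub`, `$DSA_KEY.pub`), so the private key written by the same ssh-keygen invocation keeps whatever label it received at creation; if that is deliberate (for example because the private key is covered by a type transition) a comment should say so, otherwise relabel both, e.g. `/sbin/restorecon $RSA1_KEY $RSA1_KEY.pub`. The three identical if-blocks would also collapse into one helper such as `relabel_key() { [ -x /sbin/restorecon ] && /sbin/restorecon "$@"; }` called from each keygen function, which keeps the three code paths from drifting apart.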
(-)openbsd-compat/Makefile.in (-1 / +1 lines)
Lines 20-26 OPENBSD=base64.o basename.o bindresvport Link Here
20
20
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
21
COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22
22
23
PORTS=port-irix.o port-aix.o port-uw.o port-tun.o
23
PORTS=port-irix.o port-linux.o port-aix.o port-uw.o port-tun.o
24
24
25
.c.o:
25
.c.o:
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
26
	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
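--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -185,6 +185,7 @@ char *shadow_pw(struct passwd *pw);
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
 #include "port-irix.h"
+#include "port-linux.h"
 #include "port-aix.h"
 #include "port-uw.h"
 #include "port-tun.h"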
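--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -0,0 +1,165 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Linux-specific portability code - just SELinux support at present
+ */
+
+#include "includes.h"
+
+#ifdef WITH_SELINUX
+#include "log.h"
+#include "port-linux.h"
+
+#include <selinux/selinux.h>
+#include <selinux/flask.h>
+#include <selinux/get_context_list.h>
+
+/* Wrapper around is_selinux_enabled() to log its return value once only */
+static int
+ssh_selinux_enabled(void)
+{
+	static int enabled = -1;
+
+	if (enabled == -1) {
+		enabled = is_selinux_enabled();
+		debug("SELinux support %s", enabled ? "enabled" : "disabled");
+	}
+
+	return (enabled);
+}
+
+/* Return the default security context for the given username */
+static security_context_t
+ssh_selinux_getctxbyname(char *pwname)
+{
+	security_context_t sc;
+	char *sename = NULL, *lvl = NULL;
+	int r;
+
+#ifdef HAVE_GETSEUSERBYNAME
+	if (getseuserbyname(pwname, &sename, &lvl) != 0)
+		return NULL;
+#else
+	sename = pwname;
+	lvl = NULL;
+#endif
+
+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
+	r = get_default_context_with_level(sename, lvl, NULL, &sc);
+#else
+	r = get_default_context(sename, NULL, &sc);
+#endif
+
+	if (r != 0) {
+		switch (security_getenforce()) {
+		case -1:
+			fatal("%s: ssh_selinux_getctxbyname: "
+			    "security_getenforce() failed", __func__);
+		case 0:
+			error("%s: Failed to get default SELinux security "
+			    "context for %s", __func__, pwname);
+		default:
+			fatal("%s: Failed to get default SELinux security "
+			    "context for %s (in enforcing mode)",
+			    __func__, pwname);
+		}
+	}
+
+#ifdef HAVE_GETSEUSERBYNAME
+	if (sename != NULL)
+		xfree(sename);
+	if (lvl != NULL)
+		xfree(lvl);
+#endif
+
+	return (sc);
+}
+
+/* Set the execution context to the default for the specified user */
+void
+ssh_selinux_setup_exec_context(char *pwname)
+{
+	security_context_t user_ctx = NULL;
+
+	if (!ssh_selinux_enabled())
+		return;
+
+	debug3("%s: setting execution context", __func__);
+
+	user_ctx = ssh_selinux_getctxbyname(pwname);
+	if (setexeccon(user_ctx) != 0) {
+		switch (security_getenforce()) {
+		case -1:
+			fatal("%s: security_getenforce() failed", __func__);
+		case 0:
+			error("%s: Failed to set SELinux execution "
+			    "context for %s", __func__, pwname);
+		default:
+			fatal("%s: Failed to set SELinux execution context "
+			    "for %s (in enforcing mode)", __func__, pwname);
+		}
+	}
+	if (user_ctx != NULL)
+		freecon(user_ctx);
+
+	debug3("%s: done", __func__);
+}
+
+/* Set the TTY context for the specified user */
+void
+ssh_selinux_setup_pty(char *pwname, const char *tty)
+{
+	security_context_t new_tty_ctx = NULL;
+	security_context_t user_ctx = NULL;
+	security_context_t old_tty_ctx = NULL;
+
+	if (!ssh_selinux_enabled())
+		return;
+
+	debug3("%s: setting TTY context on %s", __func__, tty);
+
+	user_ctx = ssh_selinux_getctxbyname(pwname);
+
+	/* XXX: should these calls fatal() upon failure in enforcing mode? */
+
+	if (getfilecon(tty, &old_tty_ctx) == -1) {
+		error("%s: getfilecon: %s", __func__, strerror(errno));
+		goto out;
+	}
+
+	if (security_compute_relabel(user_ctx, old_tty_ctx,
+	    SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+		error("%s: security_compute_relabel: %s",
+		    __func__, strerror(errno));
+		goto out;
+	}
+
+	if (setfilecon(tty, new_tty_ctx) != 0)
+		error("%s: setfilecon: %s", __func__, strerror(errno));
+ out:
+	if (new_tty_ctx != NULL)
+		freecon(new_tty_ctx);
+	if (old_tty_ctx != NULL)
+		freecon(old_tty_ctx);
+	if (user_ctx != NULL)
+		freecon(user_ctx);
+	debug3("%s: done", __func__);
+}
+#endif /* WITH_SELINUX */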
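Review bot: In ssh_selinux_getctxbyname() the `case 0:` arm inside `if (r != 0)` has no `break`, so in permissive mode the error() falls straight into the `default:` fatal() that reports "in enforcing mode", and even with a break the function would return `sc` uninitialized because get_default_context*() failed. The same missing `break` after the permissive-mode error() exists in ssh_selinux_setup_exec_context(), so that path also always ends in fatal(). Add `sc = NULL;` and `break;` after the first error() and `break;` after the second so permissive mode is actually best-effort as the messages imply. Separately, when getseuserbyname() fails the function returns NULL without logging and setexeccon(NULL) is then called, which leaves the user's shell to the policy's default transition even in enforcing mode; a debug()/error() on that return would make the silent fallback visible.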
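--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -0,0 +1,27 @@
+/* $Id$ */
+
+/*
+ * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _PORT_LINUX_H
+#define _PORT_LINUX_H
+
+#ifdef WITH_SELINUX
+void ssh_selinux_setup_pty(char *, const char *);
+void ssh_selinux_setup_exec_context(char *);
+#endif
+
+#endif /* ! _PORT_LINUX_H */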
