Bugzilla – Attachment 1917 Details for
Bug 1614
ssh-copy-id doesn't seem to set correct selinux permissions
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch suitable for openssh-5.6p1
openssh-5.6p1-selabel.patch (text/plain), 2.25 KB, created by
jchadima
on 2010-09-03 23:15:10 AEST
(
hide
)
Description:
Patch suitable for openssh-5.6p1
Filename:
MIME Type:
Creator:
jchadima
Created:
2010-09-03 23:15:10 AEST
Size:
2.25 KB
patch
obsolete
>diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id >--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200 >+++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200 >@@ -41,7 +41,7 @@ fi > # strip any trailing colon > host=`echo $1 | sed 's/:$//'` > >-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 >+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1 > > cat <<EOF > Now try logging into the machine, with "ssh '$host'", and check in: >diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in >--- openssh-5.6p1/Makefile.in.selabel 2010-08-23 12:47:39.000000000 +0200 >+++ openssh-5.6p1/Makefile.in 2010-08-23 12:47:39.000000000 +0200 >@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS) > $(RANLIB) $@ > > ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) >- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) >+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS) > > sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) > $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS) >diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c >--- openssh-5.6p1/ssh.c.selabel 2010-08-23 12:47:39.000000000 +0200 >+++ openssh-5.6p1/ssh.c 2010-08-23 12:47:39.000000000 +0200 >@@ -74,6 +74,7 @@ > #include <openssl/err.h> > #include <openssl/fips.h> > #include <fipscheck.h> >+#include <selinux/selinux.h> > #include "openbsd-compat/openssl-compat.h" > #include "openbsd-compat/sys-queue.h" > >@@ -848,10 +849,15 @@ main(int ac, char **av) > */ > r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, > strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); >- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) >+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { >+ char *scon; >+ >+ matchpathcon(buf, 0700, &scon); >+ setfscreatecon(scon); > if (mkdir(buf, 0700) < 0) > error("Could not create directory '%.200s'.", buf); >- >+ setfscreatecon(NULL); >+ } > /* load options.identity_files */ > load_public_identity_files(); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1917">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1614
:
1655
|
1917
|
1922
|
1923