Bugzilla – Attachment 1922 Details for
Bug 1614
ssh-copy-id doesn't seem to set correct selinux permissions
[patch]
openssh-selinux-sshdir.patch
openssh-selinux-sshdir.patch (text/plain), 4.27 KB, created by
Darren Tucker
on 2010-09-10 11:11:22 AEST
Description:
openssh-selinux-sshdir.patch
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2010-09-10 11:11:22 AEST
Size:
4.27 KB
>? build
>Index: Makefile.in
>===================================================================
>RCS file: /var/cvs/openssh/Makefile.in,v
>retrieving revision 1.310
>diff -u -p -r1.310 Makefile.in
>--- Makefile.in 12 May 2010 06:51:39 -0000 1.310
>+++ Makefile.in 10 Sep 2010 01:08:13 -0000
>@@ -46,6 +46,7 @@ LD=@LD@
> CFLAGS=@CFLAGS@
> CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
> LIBS=@LIBS@
>+SSHLIBS=@SSHLIBS@
> SSHDLIBS=@SSHDLIBS@
> LIBEDIT=@LIBEDIT@
> AR=@AR@
>@@ -139,7 +140,7 @@ libssh.a: $(LIBSSH_OBJS)
> $(RANLIB) $@
>
> ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
>- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
>+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
>
> sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
> $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
>Index: configure.ac
>===================================================================
>RCS file: /var/cvs/openssh/configure.ac,v
>retrieving revision 1.451
>diff -u -p -r1.451 configure.ac
>--- configure.ac 16 Aug 2010 03:15:23 -0000 1.451
>+++ configure.ac 10 Sep 2010 01:08:13 -0000
>@@ -700,7 +700,6 @@ mips-sony-bsd|mips-sony-newsos4)
> [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
> [Define if you have Solaris process contracts])
> SSHDLIBS="$SSHDLIBS -lcontract"
>- AC_SUBST(SSHDLIBS)
> SPC_MSG="yes" ], )
> ],
> )
>@@ -3388,6 +3387,7 @@ AC_ARG_WITH(selinux,
> ],
> AC_MSG_ERROR(SELinux support requires libselinux library))
> SSHDLIBS="$SSHDLIBS $LIBSELINUX"
>+ SSHLIBS="$SSHLIBS $LIBSELINUX"
> AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
> LIBS="$save_LIBS"
> fi ]
>@@ -4137,6 +4137,8 @@ else
> fi
> AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
> AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
>+AC_SUBST(SSHLIBS)
>+AC_SUBST(SSHDLIBS)
>
> AC_EXEEXT
> AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
>@@ -4209,6 +4211,9 @@ echo " Linker flags: ${LDFLAGS}"
> echo " Libraries: ${LIBS}"
> if test ! -z "${SSHDLIBS}"; then
> echo " +for sshd: ${SSHDLIBS}"
>+fi
>+if test ! -z "${SSHLIBS}"; then
>+echo " +for ssh: ${SSHLIBS}"
> fi
>
> echo ""
>Index: ssh.c
>===================================================================
>RCS file: /var/cvs/openssh/ssh.c,v
>retrieving revision 1.338
>diff -u -p -r1.338 ssh.c
>--- ssh.c 16 Aug 2010 15:59:31 -0000 1.338
>+++ ssh.c 10 Sep 2010 01:08:14 -0000
>@@ -830,10 +830,19 @@ main(int ac, char **av)
> */
> r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
> strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
>- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
>+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
>+#ifdef WITH_SELINUX
>+ char *scon;
>+
>+ matchpathcon(buf, 0700, &scon);
>+ setfscreatecon(scon);
>+#endif
> if (mkdir(buf, 0700) < 0)
> error("Could not create directory '%.200s'.", buf);
>-
>+#ifdef WITH_SELINUX
>+ setfscreatecon(NULL);
>+#endif
>+ }
> /* load options.identity_files */
> load_public_identity_files();
>
>Index: contrib/ssh-copy-id
>===================================================================
>RCS file: /var/cvs/openssh/contrib/ssh-copy-id,v
>retrieving revision 1.10
>diff -u -p -r1.10 ssh-copy-id
>--- contrib/ssh-copy-id 10 Aug 2010 03:36:09 -0000 1.10
>+++ contrib/ssh-copy-id 10 Sep 2010 01:08:14 -0000
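Review bot: In the ssh.c hunk, `scon` is declared uninitialised and the return value of `matchpathcon(buf, 0700, &scon)` is ignored, so if the lookup fails (presumably possible when SELinux is disabled at run time or no file-context entry matches) `setfscreatecon(scon)` is handed an indeterminate pointer. The context string is also never released with `freecon()`, and the result of `setfscreatecon()` is not checked, so a directory created with the wrong label goes unnoticed. I would initialise the pointer and act only on success: `char *scon = NULL;` followed by `if (ssh_selinux_enabled() && matchpathcon(buf, 0700, &scon) == 0) { setfscreatecon(scon); freecon(scon); }`, assuming the `ssh_selinux_enabled()` prototype from port-linux.h is visible in ssh.c. This code sits inside main(), whose body starts and ends outside the hunk.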
>@@ -41,7 +41,7 @@ fi
> # strip any trailing colon
> host=`echo $1 | sed 's/:$//'`
>
>-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
>+{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
>
> cat <<EOF
> Now try logging into the machine, with "ssh '$host'", and check in:
>Index: openbsd-compat/port-linux.h
>===================================================================
>RCS file: /var/cvs/openssh/openbsd-compat/port-linux.h,v
>retrieving revision 1.4
>diff -u -p -r1.4 port-linux.h
>--- openbsd-compat/port-linux.h 8 Dec 2009 02:39:48 -0000 1.4
>+++ openbsd-compat/port-linux.h 10 Sep 2010 01:08:14 -0000
>@@ -20,6 +20,7 @@
> #define _PORT_LINUX_H
>
> #ifdef WITH_SELINUX
>+#include <selinux/selinux.h>
> int ssh_selinux_enabled(void);
> void ssh_selinux_setup_pty(char *, const char *);
> void ssh_selinux_setup_exec_context(char *);
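Review bot: The exit status of the remote command in the added ssh-copy-id line is now that of the trailing `test -x /sbin/restorecon && /sbin/restorecon …` list, not of `cat`. On a host without an executable /sbin/restorecon, `test -x` fails, ssh returns non-zero and `|| exit 1` aborts even though the key was appended. Conversely, a failed `cat >> ~/.ssh/authorized_keys` is masked whenever restorecon succeeds, so the user is told to try logging in with a key that was never installed. Keeping the append as the deciding status avoids both: `cat >> ~/.ssh/authorized_keys || exit 1; if test -x /sbin/restorecon; then /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys; fi`.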
Flags:
djm
:
ok+
Attachments on
bug 1614
:
1655
|
1917
| 1922 |
1923