|
Lines 38-43
|
| 38 |
#include <selinux/flask.h> |
38 |
#include <selinux/flask.h> |
| 39 |
#include <selinux/get_context_list.h> |
39 |
#include <selinux/get_context_list.h> |
| 40 |
|
40 |
|
|
|
41 |
#ifndef SSH_SELINUX_UNCONFINED_TYPE |
| 42 |
# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:" |
| 43 |
#endif |
| 44 |
|
| 41 |
/* Wrapper around is_selinux_enabled() to log its return value once only */ |
45 |
/* Wrapper around is_selinux_enabled() to log its return value once only */ |
| 42 |
int |
46 |
int |
| 43 |
ssh_selinux_enabled(void) |
47 |
ssh_selinux_enabled(void) |
|
Lines 177-188
ssh_selinux_change_context(const char *n
|
| 177 |
{ |
181 |
{ |
| 178 |
int len, newlen; |
182 |
int len, newlen; |
| 179 |
char *oldctx, *newctx, *cx; |
183 |
char *oldctx, *newctx, *cx; |
|
|
184 |
void (*switchlog) (const char *fmt,...) = logit; |
| 180 |
|
185 |
|
| 181 |
if (!ssh_selinux_enabled()) |
186 |
if (!ssh_selinux_enabled()) |
| 182 |
return; |
187 |
return; |
| 183 |
|
188 |
|
| 184 |
if (getcon((security_context_t *)&oldctx) < 0) { |
189 |
if (getcon((security_context_t *)&oldctx) < 0) { |
| 185 |
logit("%s: getcon failed with %s", __func__, strerror (errno)); |
190 |
logit("%s: getcon failed with %s", __func__, strerror(errno)); |
| 186 |
return; |
191 |
return; |
| 187 |
} |
192 |
} |
| 188 |
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == |
193 |
if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == |
|
Lines 191-196
ssh_selinux_change_context(const char *n
|
| 191 |
return; |
196 |
return; |
| 192 |
} |
197 |
} |
| 193 |
|
198 |
|
|
|
199 |
/* |
| 200 |
* Check whether we are attempting to switch away from an unconfined |
| 201 |
* security context. |
| 202 |
*/ |
| 203 |
if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE, |
| 204 |
sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0) |
| 205 |
switchlog = debug3; |
| 206 |
|
| 194 |
newlen = strlen(oldctx) + strlen(newname) + 1; |
207 |
newlen = strlen(oldctx) + strlen(newname) + 1; |
| 195 |
newctx = xmalloc(newlen); |
208 |
newctx = xmalloc(newlen); |
| 196 |
len = cx - oldctx + 1; |
209 |
len = cx - oldctx + 1; |
|
Lines 198-208
ssh_selinux_change_context(const char *n
|
| 198 |
strlcpy(newctx + len, newname, newlen - len); |
211 |
strlcpy(newctx + len, newname, newlen - len); |
| 199 |
if ((cx = index(cx + 1, ':'))) |
212 |
if ((cx = index(cx + 1, ':'))) |
| 200 |
strlcat(newctx, cx, newlen); |
213 |
strlcat(newctx, cx, newlen); |
| 201 |
debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, |
214 |
debug3("%s: setting context from '%s' to '%s'", __func__, |
| 202 |
newctx); |
215 |
oldctx, newctx); |
| 203 |
if (setcon(newctx) < 0) |
216 |
if (setcon(newctx) < 0) |
| 204 |
logit("%s: setcon %s from %s failed with %s", __func__, newctx, |
217 |
switchlog("%s: setcon %s from %s failed with %s", __func__, |
| 205 |
oldctx, strerror (errno)); |
218 |
newctx, oldctx, strerror(errno)); |
| 206 |
xfree(oldctx); |
219 |
xfree(oldctx); |
| 207 |
xfree(newctx); |
220 |
xfree(newctx); |
| 208 |
} |
221 |
} |
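Review bot: In the "Lines 191-196" hunk, selecting `switchlog = debug3` means a failed `setcon()` from an unconfined type is no longer recorded at the default log level, so normal logs will not show that the process kept running in `oldctx` instead of the requested type. The new comment says what is tested but not why the failure is then quiet; I would extend it along the lines of `/* setcon() is expected to fail from unconfined_t; report it at debug3 only. The process then stays in the old context. */` (rationale presumed from the change, please confirm). The match depends on the trailing ':' in `SSH_SELINUX_UNCONFINED_TYPE`, so a context with no field after the type falls back to `logit`, which is the louder default and worth stating next to the `#define`. Calling through the plain `void (*switchlog) (const char *fmt,...)` pointer probably loses the compiler's printf-format checking on the final message; declaring the pointer with `__attribute__((format(printf, 1, 2)))` would keep it. Parts of the body of ssh_selinux_change_context lie between the hunks and are not shown here.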