Bugzilla – Attachment 2077 Details for
Bug 1919
do not change the context from unconfined_t
[patch]
selinux-unconfined.diff
selinux-unconfined.diff (text/plain), 2.09 KB, created by
Damien Miller
on 2011-08-29 15:49:16 AEST
Description:
selinux-unconfined.diff
Creator:
Damien Miller
Created:
2011-08-29 15:49:16 AEST
Size:
2.09 KB
>Index: openbsd-compat/port-linux.c
>===================================================================
>RCS file: /var/cvs/openssh/openbsd-compat/port-linux.c,v
>retrieving revision 1.15
>diff -u -p -r1.15 port-linux.c
>--- openbsd-compat/port-linux.c 12 Aug 2011 00:12:55 -0000 1.15
>+++ openbsd-compat/port-linux.c 29 Aug 2011 05:44:22 -0000
>@@ -38,6 +38,10 @@
> #include <selinux/flask.h>
> #include <selinux/get_context_list.h>
>
>+#ifndef SSH_SELINUX_UNCONFINED_TYPE
>+# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
>+#endif
>+
> /* Wrapper around is_selinux_enabled() to log its return value once only */
> int
> ssh_selinux_enabled(void)
>@@ -177,12 +181,13 @@ ssh_selinux_change_context(const char *n
> {
> int len, newlen;
> char *oldctx, *newctx, *cx;
>+ void (*switchlog) (const char *fmt,...) = logit;
>
> if (!ssh_selinux_enabled())
> return;
>
> if (getcon((security_context_t *)&oldctx) < 0) {
>- logit("%s: getcon failed with %s", __func__, strerror (errno));
>+ logit("%s: getcon failed with %s", __func__, strerror(errno));
> return;
> }
> if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
>@@ -191,6 +196,14 @@ ssh_selinux_change_context(const char *n
> return;
> }
>
>+ /*
>+ * Check whether we are attempting to switch away from an unconfined
>+ * security context.
>+ */
>+ if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
>+ sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
>+ switchlog = debug3;
>+
> newlen = strlen(oldctx) + strlen(newname) + 1;
> newctx = xmalloc(newlen);
> len = cx - oldctx + 1;
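Review bot: The new `switchlog` pointer in ssh_selinux_change_context() (hunk at -177,12) is declared without a printf format attribute, so the later `switchlog(...)` call is no longer checked against its format string the way a direct `logit()` call would be, assuming logit and debug3 carry that attribute in log.h, which this page does not show. Declaring it as `void (*switchlog)(const char *, ...) __attribute__((format(printf, 1, 2))) = logit;` keeps the compile-time check. The function body continues past this hunk.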
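Review bot: The `strncmp` against `":unconfined_t:"` (hunk at -191,6) matches only when the type field is followed by another ':', so a three-field context with no level, such as `user:role:unconfined_t`, is not recognised, although the later `if ((cx = index(cx + 1, ':')))` test in this function allows for that shape. If such contexts can occur on the targeted systems, the comparison should accept the type when it is terminated by either ':' or the end of the string. The added comment would also be clearer if it stated the effect of the match, for example `/* If the current type is unconfined, report a setcon failure at debug3 rather than logit. */`. The enclosing function starts before and ends after this hunk.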
>@@ -198,11 +211,11 @@ ssh_selinux_change_context(const char *n
> strlcpy(newctx + len, newname, newlen - len);
> if ((cx = index(cx + 1, ':')))
> strlcat(newctx, cx, newlen);
>- debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
>- newctx);
>+ debug3("%s: setting context from '%s' to '%s'", __func__,
>+ oldctx, newctx);
> if (setcon(newctx) < 0)
>- logit("%s: setcon %s from %s failed with %s", __func__, newctx,
>- oldctx, strerror (errno));
>+ switchlog("%s: setcon %s from %s failed with %s", __func__,
>+ newctx, oldctx, strerror(errno));
> xfree(oldctx);
> xfree(newctx);
> }
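Review bot: `setcon(newctx)` is still attempted when the current type matched the unconfined pattern, and a failure is then reported only through `debug3`, so at the default log level nothing records that the process kept its original context. The bug title reads "do not change the context from unconfined_t"; if that is the intent, returning at the unconfined check (after `xfree(oldctx)`) would match it and would also avoid a switch where policy does permit the transition. If the attempt is meant to stay, a comment above the call such as `/* failure is deliberately demoted to debug3 when the current type is unconfined */` would help anyone auditing the logs.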
Flags:
dtucker
:
ok+