Bug 1641 - Add SELinux roles
Summary: Add SELinux roles
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 5.2p1
Hardware: Other Linux
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-31 18:56 AEST by jchadima
Modified: 2013-10-04 23:38 AEST (History)
4 users (show)

See Also:

Attachments
Patch solving the problem (12.48 KB, patch)
2009-08-31 20:51 AEST, jchadima 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description jchadima 2009-08-31 18:56:15 AEST 
Add support for choosing SELinux role from the client (ssh user/role@server)
Comment 1 jchadima 2009-08-31 20:51:43 AEST 
Created attachment 1688 [details]
Patch solving the problem
Comment 2 Damien Miller 2009-09-01 16:27:41 AEST 
I don't like this approach of sending magic usernames. It has already caused us problems with its (ab)use for selecting BSD auth styles, cf bug #937.
Comment 3 Tomas Mraz 2009-09-01 17:07:47 AEST 
Damien, do you have some proposal how could be this feature handled differently without using the magic usernames?
Comment 4 Damien Miller 2010-02-10 09:40:53 AEDT 
Well, it would take a protocol change. I'm not really keen to do this in stock OpenSSH to support the vagaries of one system. Perhaps if your propose something on the ietf-secsh list you might be able to get it adopted.
Comment 5 Damien Miller 2010-04-16 15:49:58 AEST 
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1