[Bug 237557] [NEW] chroot fails if compiled with SELinux support
peterh
peter at holik.at
Thu Jun 5 08:43:54 BST 2008
Public bug reported:
i am using openssh with libpam_chroot to have a chrooted login but
following error message denies access for chrooted uses
sshd[14644]: fatal: ssh_selinux_getctxbyname: ssh_selinux_getctxbyname:
security_getenforce() failed
Please include this fix: http://marc.info/?l=openssh-unix-dev&m=120615000019541&w=2
Index: session.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/session.c,v
retrieving revision 1.364
diff -u -p -r1.364 session.c
--- session.c 15 Mar 2008 06:27:58 -0000 1.364
+++ session.c 22 Mar 2008 01:23:48 -0000
@@ -1350,6 +1350,10 @@ do_setusercontext(struct passwd *pw)
#endif /* HAVE_CYGWIN */
{
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
#ifdef HAVE_SETPCRED
if (setpcred(pw->pw_name, (char **)NULL) == -1)
fatal("Failed to set process credentials");
Index: openbsd-compat/port-linux.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/openbsd-compat/port-linux.c,v
retrieving revision 1.4
diff -u -p -r1.4 port-linux.c
--- openbsd-compat/port-linux.c 27 Jun 2007 22:48:03 -0000 1.4
+++ openbsd-compat/port-linux.c 22 Mar 2008 01:24:06 -0000
@@ -36,7 +36,7 @@
#include <selinux/get_context_list.h>
/* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
ssh_selinux_enabled(void)
{
static int enabled = -1;
Index: openbsd-compat/port-linux.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh/openbsd-compat/port-linux.h,v
retrieving revision 1.1
diff -u -p -r1.1 port-linux.h
--- openbsd-compat/port-linux.h 22 Apr 2006 11:26:08 -0000 1.1
+++ openbsd-compat/port-linux.h 22 Mar 2008 01:28:06 -0000
@@ -20,6 +20,7 @@
#define _PORT_LINUX_H
#ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
#endif
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
chroot fails if compiled with SELinux support
https://bugs.launchpad.net/bugs/237557
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
More information about the Ubuntu-server-bugs
mailing list