openssh/devel/openssh-5.3p1-selabel.patch

diff -up openssh-5.3p1/contrib/ssh-copy-id.selabel openssh-5.3p1/contrib/ssh-copy-id
--- openssh-5.3p1/contrib/ssh-copy-id.selabel	2009-01-21 10:29:21.000000000 +0100
+++ openssh-5.3p1/contrib/ssh-copy-id	2009-10-02 14:21:54.000000000 +0200
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || 
   exit 1
 fi
 
-{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
 
 cat <<EOF
 Now try logging into the machine, with "ssh '$1'", and check in:
diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
--- openssh-5.3p1/Makefile.in.selabel	2009-10-02 14:21:54.000000000 +0200
+++ openssh-5.3p1/Makefile.in	2009-10-02 14:23:23.000000000 +0200
@@ -136,7 +136,7 @@ libssh.a: $(LIBSSH_OBJS)
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
--- openssh-5.3p1/ssh.c.selabel	2009-10-02 14:21:54.000000000 +0200
+++ openssh-5.3p1/ssh.c	2009-10-02 14:21:54.000000000 +0200
@@ -74,6 +74,7 @@
 #include <openssl/err.h>
 #include <openssl/fips.h>
 #include <fipscheck.h>
+#include <selinux/selinux.h>
 #include "openbsd-compat/openssl-compat.h"
 #include "openbsd-compat/sys-queue.h"
 
@@ -792,10 +793,15 @@ main(int ac, char **av)
 	 */
 	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+		char *scon;
+
+		matchpathcon(buf, 0700, &scon);
+		setfscreatecon(scon);
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
-
+		setfscreatecon(NULL);
+	}
 	/* load options.identity_files */
 	load_public_identity_files();
 
1	diff -up openssh-5.3p1/contrib/ssh-copy-id.selabel openssh-5.3p1/contrib/ssh-copy-id
2	--- openssh-5.3p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
3	+++ openssh-5.3p1/contrib/ssh-copy-id 2009-10-02 14:21:54.000000000 +0200
4	@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] \|\| [ "$1" = "-h" ] \|\|
5	exit 1
6	fi
7
8	-{ eval "$GET_ID" ; } \| ssh $1 "umask 077; test -d .ssh \|\| mkdir .ssh ; cat >> .ssh/authorized_keys" \|\| exit 1
9	+{ eval "$GET_ID" ; } \| ssh $1 "umask 077; test -d .ssh \|\| mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" \|\| exit 1
10
11	cat <<EOF
12	Now try logging into the machine, with "ssh '$1'", and check in:
13	diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
14	--- openssh-5.3p1/Makefile.in.selabel 2009-10-02 14:21:54.000000000 +0200
15	+++ openssh-5.3p1/Makefile.in 2009-10-02 14:23:23.000000000 +0200
16	@@ -136,7 +136,7 @@ libssh.a: $(LIBSSH_OBJS)
17	$(RANLIB) $@
18
19	ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
20	- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
21	+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
22
23	sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
24	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
25	diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
26	--- openssh-5.3p1/ssh.c.selabel 2009-10-02 14:21:54.000000000 +0200
27	+++ openssh-5.3p1/ssh.c 2009-10-02 14:21:54.000000000 +0200
28	@@ -74,6 +74,7 @@
29	#include <openssl/err.h>
30	#include <openssl/fips.h>
31	#include <fipscheck.h>
32	+#include <selinux/selinux.h>
33	#include "openbsd-compat/openssl-compat.h"
34	#include "openbsd-compat/sys-queue.h"
35
36	@@ -792,10 +793,15 @@ main(int ac, char **av)
37	*/
38	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
39	strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
40	- if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
41	+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
42	+ char *scon;
43	+
44	+ matchpathcon(buf, 0700, &scon);
45	+ setfscreatecon(scon);
46	if (mkdir(buf, 0700) < 0)
47	error("Could not create directory '%.200s'.", buf);
48	-
49	+ setfscreatecon(NULL);
50	+ }
51	/* load options.identity_files */
52	load_public_identity_files();
53
admin@fedoraproject.org	ViewVC Help
Powered by ViewVC 1.1.2