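--- a/port-linux.c
+++ b/port-linux.c
@@ -1,9 +1,9 @@
-/* $Id: port-linux.c,v 1.3 2006/09/01 05:38:41 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
  * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
@@ -31,17 +31,17 @@
 #include "log.h"
 #include "port-linux.h"
 
 #include <selinux/selinux.h>
 #include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
 /* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
 ssh_selinux_enabled(void)
 {
  static int enabled = -1;
 
  if (enabled == -1) {
  enabled = is_selinux_enabled();
  debug("SELinux support %s", enabled ? "enabled" : "disabled");
  }
@@ -74,16 +74,17 @@
  if (r != 0) {
  switch (security_getenforce()) {
  case -1:
  fatal("%s: ssh_selinux_getctxbyname: "
  "security_getenforce() failed", __func__);
  case 0:
  error("%s: Failed to get default SELinux security "
  "context for %s", __func__, pwname);
+ break;
  default:
  fatal("%s: Failed to get default SELinux security "
  "context for %s (in enforcing mode)",
  __func__, pwname);
  }
  }
 
 #ifdef HAVE_GETSEUSERBYNAME
@@ -110,16 +111,17 @@
  user_ctx = ssh_selinux_getctxbyname(pwname);
  if (setexeccon(user_ctx) != 0) {
  switch (security_getenforce()) {
  case -1:
  fatal("%s: security_getenforce() failed", __func__);
  case 0:
  error("%s: Failed to set SELinux execution "
  "context for %s", __func__, pwname);
+ break;
  default:
  fatal("%s: Failed to set SELinux execution context "
  "for %s (in enforcing mode)", __func__, pwname);
  }
  }
  if (user_ctx != NULL)
  freecon(user_ctx);
 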
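Review bot: The `case -1:` arms of both switches (the context lookup around new line 76 and the one after `setexeccon()` around new line 114) still have no `break` and are safe only if `fatal()` never returns, which is declared outside this page. If it ever did return, an unknown enforcement state would fall into the permissive `case 0:` arm and, with the `break` added here, let the login continue without the intended context. I would add `/* NOTREACHED */` after each of those `fatal(...)` calls so the fail-closed intent is explicit to readers and static analysers. Both enclosing functions start and end in the hidden lines, so this rests only on the visible switch bodies.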