- (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
set up SELinux execution context before chroot() call. From Russell
Coker via Colin Watson; bz#1726 ok dtucker@
diff --git a/ChangeLog b/ChangeLog
index cf3558c..c569328 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,9 @@
[servconf.c]
from portable: getcwd(NULL, 0) doesn't work on all platforms, so
use a stack buffer; ok dtucker@
+ - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
+ set up SELinux execution context before chroot() call. From Russell
+ Coker via Colin watson; bz#1726 ok dtucker@
20100324
- (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
diff --git a/session.c b/session.c
index 639405f..e032de6 100644
--- a/session.c
+++ b/session.c
@@ -1551,6 +1551,10 @@
}
#endif /* HAVE_SETPCRED */
+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
tmp = tilde_expand_filename(options.chroot_directory,
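Review bot: The `ssh_selinux_setup_exec_context(pw->pw_name)` call placed ahead of the ChrootDirectory block has no comment saying why it must precede chroot(), so a later cleanup could move it back beside the uid change, where the second session.c hunk removed it. I would add `/* Must run before chroot(): the SELinux context lookup presumably needs policy files that are not visible inside the chroot (bz#1726) */` above the `#ifdef WITH_SELINUX`. The call's outcome is also not tested at this site, and it now runs before the uid check shown in the second hunk. It is worth confirming that the helper itself ends the session on failure when SELinux is enforcing, rather than letting the login continue under the daemon's context. The enclosing function starts and ends outside the hunk.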
@@ -1575,10 +1579,6 @@
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
- ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
}
static void