- (dtucker) Cache selinux status earlier so we know if it's enabled after a
chroot. Allows ChrootDirectory to work with selinux support compiled in
but not enabled. Using it with selinux enabled will require some selinux
support inside the chroot. "looks sane" djm@
diff --git a/ChangeLog b/ChangeLog
index e943a83..4542988 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20080327
+ - (dtucker) Cache selinux status earlier so we know if it's enabled after a
+ chroot. Allows ChrootDirectory to work with selinux support compiled in
+ but not enabled. Using it with selinux enabled will require some selinux
+ support inside the chroot. "looks sane" djm@
+
20080315
- (djm) [regress/test-exec.sh] Quote putty-related variables in case they are
empty; report and patch from Peter Stuge
@@ -3765,4 +3771,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.4879 2008/03/15 06:27:58 djm Exp $
+$Id: ChangeLog,v 1.4880 2008/03/26 20:27:20 dtucker Exp $
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 2f697e7..ad26275 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
+/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -36,7 +36,7 @@
#include <selinux/get_context_list.h>
/* Wrapper around is_selinux_enabled() to log its return value once only */
-static int
+int
ssh_selinux_enabled(void)
{
static int enabled = -1;
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 05e520e..5cd39bf 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.1 2006/04/22 11:26:08 djm Exp $ */
+/* $Id: port-linux.h,v 1.2 2008/03/26 20:27:21 dtucker Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -20,6 +20,7 @@
#define _PORT_LINUX_H
#ifdef WITH_SELINUX
+int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
#endif
diff --git a/session.c b/session.c
index 92282f9..54621a4 100644
--- a/session.c
+++ b/session.c
@@ -1345,6 +1345,11 @@
{
char *chroot_path, *tmp;
+#ifdef WITH_SELINUX
+ /* Cache selinux status for later use */
+ (void)ssh_selinux_enabled();
+#endif
+
#ifndef HAVE_CYGWIN
if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */