[Bug 880] SELinux patch

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Apr 16 18:23:58 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=880





------- Comment #6 from djm at mindrot.org  2006-04-16 18:23 -------
(In reply to comment #5)
> Instead of doing this, I think we ought to split $LIBS up differently: generic
> libs required for all programs, one for just the crypto libs and associated,
> one for sshd only.  The latter could replace LIBPAM and LIBWRAP.

I agree, a $SSHDLIBS would be nicer.

> >+			if [ -x /sbin/restorecon ]; then
> >+			    /sbin/restorecon $RSA1_KEY.pub
> >+			fi
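
Review bot: the restorecon argument `$RSA1_KEY.pub` is unquoted, so a key path containing whitespace or glob characters would be word-split or expanded by the shell before restorecon sees it; quote it as `"$RSA1_KEY.pub"`. The exit status of restorecon is also ignored here. If that is intentional (a relabel failure should not stop key generation in an init script), a short comment saying so would help the next reader.
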
> 
> Is this a valid thing to do, eg, if selinux is installed but disabled at
> runtime?

Ubuntu does it in a couple of things in /etc/init.d unconditionally, though not
for ssh in the current stable release. I think it just resets the extended
filesystem attributes on the file, which are only used by SELinux when it is
actually turned on.

> Still need to look through the rest of the patch...



