[Bug 1726] New: ChrootDirectory doesn't work with SE Linux
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 2 01:00:01 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1726
Summary: ChrootDirectory doesn't work with SE Linux
Product: Portable OpenSSH
Version: 5.3p1
Platform: Other
URL: http://bugs.debian.org/556644
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cjwatson at debian.org
Created an attachment (id=1800)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1800)
call ssh_selinux_setup_exec_context before chrooting
This patch is from Russell Coker <russell at coker.com.au>; I know little
about SE Linux myself and defer to him for domain knowledge. He says:
"The following patch allows the chroot functionality for sftp (and
probably regular logins) work with SE Linux. After chroot() is called
the SE Linux context setting won't work unless /selinux and /proc are
mounted in the chroot environment. Even worse, if the user has control
over the chroot environment then they may be able to control the
context that they get (I haven't verified this)."
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list