[Bug 1726] New: ChrootDirectory doesn't work with SE Linux

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Mar 2 01:00:01 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1726

           Summary: ChrootDirectory doesn't work with SE Linux
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: Other
               URL: http://bugs.debian.org/556644
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: cjwatson at debian.org


Created an attachment (id=1800)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1800)
call ssh_selinux_setup_exec_context before chrooting

This patch is from Russell Coker <russell at coker.com.au>; I know little
about SE Linux myself and defer to him for domain knowledge.  He says:

"The following patch allows the chroot functionality for sftp (and
probably regular logins) work with SE Linux.  After chroot() is called
the SE Linux context setting won't work unless /selinux and /proc are
mounted in the chroot environment.  Even worse, if the user has control
over the chroot environment then they may be able to control the
context that they get (I haven't verified this)."

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list