[Bug 3641] New: Improved SELinux support for openssh
bugzilla-daemon at mindrot.org
Thu Dec 7 21:26:48 AEDT 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3641
Bug ID: 3641
Summary: Improved SELinux support for openssh
Product: Portable OpenSSH
Version: 9.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: jsegitz at suse.de
We (openSUSE) recently added patches for openssh that Fedora already
carried for a long time:
https://build.opensuse.org/package/show/openSUSE:Factory/openssh
We added five patches:
* openssh-7.8p1-role-mls.patch
  Proper handling of MLS systems and basis for other SELinux
  improvements
* openssh-6.6p1-privsep-selinux.patch
  Properly set contexts during privilege separation
* openssh-6.6p1-keycat.patch
  Add ssh-keycat command to allow retrieval of authorized_keys
  on MLS setups with polyinstantiation
* openssh-6.6.1p1-selinux-contexts.patch
  Additional changes to set the proper context during privilege
  separation
* openssh-7.6p1-cleanup-selinux.patch
  Various changes and putting the pieces together
I would like to get these changes upstream. SELinux is now pretty
common on Linux systems and without these patches some functionality
(e.g. proxy jump) doesn't work.
I want to see if you're in general willing to take this. Because the
current state would need to be reworked to have this split up a bit
better, but I would not do this if you don't want to take it.
--
You are receiving this mail because:
You are watching the assignee of the bug.