[openssh-commits] [openssh] 01/03: avoid inclusion of deprecated selinux/flask.h

[git+noreply at mindrot.org]

This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit bda709b8e13d3eef19e69c2d1684139e3af728f5
Author: Damien Miller <djm at mindrot.org>
Date:   Mon Feb 26 12:17:22 2018 +1100

    avoid inclusion of deprecated selinux/flask.h
    
    Use string_to_security_class() instead.
---
 openbsd-compat/port-linux.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index e4c5d1b7..8c5325cc 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -33,7 +33,6 @@
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
-#include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -139,6 +138,7 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 	security_context_t new_tty_ctx = NULL;
 	security_context_t user_ctx = NULL;
 	security_context_t old_tty_ctx = NULL;
+	security_class_t chrclass;
 
 	if (!ssh_selinux_enabled())
 		return;
@@ -153,9 +153,12 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
 		error("%s: getfilecon: %s", __func__, strerror(errno));
 		goto out;
 	}
-
+	if ((chrclass = string_to_security_class("chr_file")) == 0) {
+		error("%s: couldn't get security class for chr_file", __func__);
+		goto out;
+	}
 	if (security_compute_relabel(user_ctx, old_tty_ctx,
-	    SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
+	    chrclass, &new_tty_ctx) != 0) {
 		error("%s: security_compute_relabel: %s",
 		    __func__, strerror(errno));
 		goto out;

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.