[openssh-commits] [openssh] 01/01: replace deprecate selinux matchpathcon function

git+noreply at mindrot.org git+noreply at mindrot.org
Wed Jul 12 11:42:59 AEST 2023


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 8c7203bcee4c4f98a22487b4631fe068b992099b
Author: Damien Miller <djm at mindrot.org>
Date:   Wed Jul 12 11:41:19 2023 +1000

    replace deprecate selinux matchpathcon function
    
    This function is apparently deprecated. Documentation on what is the
    supposed replacement is non-existent, so this follows the approach
    glibc used https://sourceware.org/git/?p=glibc.git;a=patch;h=f278835f59
    
    ok dtucker@
---
 openbsd-compat/port-linux.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 77cb8213..4ca8c2b7 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -34,6 +34,7 @@
 
 #ifdef WITH_SELINUX
 #include <selinux/selinux.h>
+#include <selinux/label.h>
 #include <selinux/get_context_list.h>
 
 #ifndef SSH_SELINUX_UNCONFINED_TYPE
@@ -222,6 +223,7 @@ void
 ssh_selinux_setfscreatecon(const char *path)
 {
 	char *context;
+	struct selabel_handle *shandle = NULL;
 
 	if (!ssh_selinux_enabled())
 		return;
@@ -229,8 +231,13 @@ ssh_selinux_setfscreatecon(const char *path)
 		setfscreatecon(NULL);
 		return;
 	}
-	if (matchpathcon(path, 0700, &context) == 0)
+	if ((shandle = selabel_open(SELABEL_CTX_FILE, NULL, 0)) == NULL) {
+		debug_f("selabel_open failed");
+		return;
+	}
+	if (selabel_lookup(shandle, &context, path, 0700) == 0)
 		setfscreatecon(context);
+	selabel_close(shandle);
 }
 
 #endif /* WITH_SELINUX */
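Review bot: The context string that selabel_lookup() allocates is never released after `setfscreatecon(context);`, so each successful call leaks it; libselinux expects the caller to free it with `freecon(context);`. The return value of setfscreatecon() is also ignored and a failed lookup is silent, so the file created afterwards would presumably get the default label instead of the policy label with nothing in the debug log to show it. Releasing the context and logging both failure paths would cover this. The function body begins in the previous hunk and a few lines between the two hunks are not visible here.

```c
	/* … unchanged: enabled check, NULL-path reset, selabel_open … */
	if (selabel_lookup(shandle, &context, path, 0700) == 0) {
		if (setfscreatecon(context) != 0)
			debug_f("setfscreatecon failed for %s", path);
		freecon(context);
	} else
		debug_f("selabel_lookup failed for %s", path);
	selabel_close(shandle);
```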

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

