[Bug 880] SELinux patch
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sun Apr 16 18:23:58 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=880
------- Comment #6 from djm at mindrot.org 2006-04-16 18:23 -------
(In reply to comment #5)
> Instead of doing this, I think we ought to split $LIBS up differently: generic
> libs required for all programs, one for just the crypto libs and associated,
> one for sshd only. The latter could replace LIBPAM and LIBWRAP.
I agree, a $SSHDLIBS would be nicer.
> >+ if [ -x /sbin/restorecon ]; then
> >+ /sbin/restorecon $RSA1_KEY.pub
> >+ fi
>
> Is this a a valid thing to do, eg, if selinux is installed but disabled at
> runtime?
Ubuntu does it in a couple of things in /etc/init.d unconditionally, though not
for ssh in the current stable release. I think it just resets the extended
silesystem attributes on the file, which are only used by SELinux when it is
actually turned on.
> Still need to look through the rest of the patch...
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list