openssh bugs - Jun 2009 - [Bug 1614] New: ssh-copy-id doesn't seem to set correct selinux permissions

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

           Summary: ssh-copy-id doesn't seem to set correct selinux
                    permissions
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jchadima at redhat.com


Created an attachment (id=1655)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1655)
patch solving the problem

Using ssh-copy-id to copy a ssh key to a new f11 host that has selinux
enabled,
the authorized_keys file is created on the remote host with an
incorrect
context.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

--- Comment #1 from jchadima at redhat.com  ---
Created attachment 1917
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1917
Patch suitable for openssh-5.6p1

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2010-09-10
11:11:22 EST ---
Created attachment 1922
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1922
openssh-selinux-sshdir.patch

equivalent patch that won't break every non-linux non-selinux platform.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1922|0                           |1
           is patch|                            |

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2010-09-10
11:19:58 EST ---
Comment on attachment 1922
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1922
openssh-selinux-sshdir.patch

why is this even necessary?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1655|0                           |1
        is obsolete|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1917|0                           |1
        is obsolete|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1922|                            |ok?(djm at mindrot.org)
              Flags|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1922|ok?(djm at mindrot.org)        |ok+
              Flags|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

jchadima at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jchadima at redhat.com

--- Comment #4 from jchadima at redhat.com 2010-09-13 18:49:52 EST ---
(In reply to comment #3)
> Comment on attachment 1922 [details]
> openssh-selinux-sshdir.patch
> 
> why is this even necessary?
because without it, the files/directories created are unaccessible for
ssh/sshd on some installations.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1614

--- Comment #5 from jchadima at redhat.com 2010-09-13 20:32:33 EST ---
Created attachment 1923
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1923
Patch repaired for the SELinux environment without loaded rules

Change patch to work correctly on SELinux environment without loaded
SELinux rules.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.