bugzilla-daemon at mindrot.org
2023-Dec-07 10:26 UTC
[Bug 3641] New: Improved SELinux support for openssh
https://bugzilla.mindrot.org/show_bug.cgi?id=3641
Bug ID: 3641
Summary: Improved SELinux support for openssh
Product: Portable OpenSSH
Version: 9.5p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: jsegitz at suse.de
We (openSUSE) recently added patches for openssh that Fedora has already
carried for a long time:
https://build.opensuse.org/package/show/openSUSE:Factory/openssh
We added five patches:
* openssh-7.8p1-role-mls.patch
  Proper handling of MLS systems and basis for other SELinux
  improvements
* openssh-6.6p1-privsep-selinux.patch
  Properly set contexts during privilege separation
* openssh-6.6p1-keycat.patch
  Add ssh-keycat command to allow retrieval of authorized_keys
  on MLS setups with polyinstantiation
* openssh-6.6.1p1-selinux-contexts.patch
  Additional changes to set the proper context during privilege
  separation
* openssh-7.6p1-cleanup-selinux.patch
  Various changes and putting the pieces together
I would like to get these changes upstream. SELinux is now pretty
common on Linux systems and without these patches some functionality
(e.g. proxy jump) doesn't work.
I want to see if you're in general willing to take this. Because the
current state would need to be reworked to have this split up a bit
better, but I would not do this if you don't want to take it.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Dec-07 10:27 UTC
[Bug 3641] Improved SELinux support for openssh
https://bugzilla.mindrot.org/show_bug.cgi?id=3641
jsegitz at suse.de changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jsegitz at suse.de
bugzilla-daemon at mindrot.org
2023-Dec-11 10:12 UTC
[Bug 3641] Improved SELinux support for openssh
https://bugzilla.mindrot.org/show_bug.cgi?id=3641
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Happy to review the patches. There is support for SELinux already
integrated, but I don't run with SELinux enabled anywhere so testing of
it is largely up to the community.
bugzilla-daemon at mindrot.org
2023-Dec-20 08:31 UTC
[Bug 3641] Improved SELinux support for openssh
https://bugzilla.mindrot.org/show_bug.cgi?id=3641
--- Comment #2 from jsegitz at suse.de ---
Thank you. I'll start to work on this, but it'll take a while since
there are other tasks and the upcoming holiday season. I'll attach
something here in January when I have reworked the patches.