search for: get_default_context

Currently I have a RH6.1 host with selinux enabled On this I am running a LXC container with ubuntu (without selinux) with OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 when I try to do a ssh connection to the lxc container I get : ... debug1: Next authentication method: password root at 192.168.2.11's password: debug1: Authentication succeeded (password). debug1: channel 0: new

...n the wrong context (for instance kernel_t) a logon of a user through SSH causes the session to terminate abruptly due to a segmentation fault. This is caused by not initializing the local variable "sc" in the openbsd-compat/port-linux.c::ssh_selinux_getctxbyname() function. The call to get_default_context() will result in the return code -1, but "sc" is left untouched (and thus not a valid security_context_t instance). Later in the function, "sc" is returned to the calling function (which is ssh_selinux_setup_exec_context) which tries to free the context through freecon(user_ctx)...

...nux/flask.h> +#include <selinux/context.h> +#include <selinux/get_context_list.h> +#include <selinux/get_default_type.h> +extern Authctxt *the_authctxt; + +static const security_context_t selinux_get_user_context(const char *name) { + security_context_t user_context=NULL; + if (get_default_context(name,NULL,&user_context)) { + if (security_getenforce() > 0) + fatal("Failed to get default security context for %s.", name); + else + error("Failed to get default security context for %s. Continuing in permissve mode", name); + } else { + if (the_authctxt) { +...