Displaying 2 results from an estimated 2 matches for "secclass_chr_file".
2015 Oct 22
3
[Bug 2482] New: SELinux integration
.../bugzilla.mindrot.org/attachment.cgi?id=2733&action=edit
selinux patches (1 - 4)
Our bugzilla [1] was another impulse to review SELinux integration in
openssh and preferably contribute the changes back to upstream in some
understandable format after the years:
1) Usage of hard-coded constant (SECCLASS_CHR_FILE) is not advised
anymore, we should use string_to_security_class instead. This is
related to removal of selinux/flash header file. [2]
2) The second part is about context handling. We get new context as
exec context, from PAM or from ssh_selinux_setup_exec_context. We can't
(and don't want...
2004 Sep 07
0
Please review openssh patch for selinux
...L, old_tty_context=NULL;
+
+ user_context=selinux_get_user_context(name);
+
+ if (getfilecon(tty, &old_tty_context) < 0) {
+ error("getfilecon(%.100s) failed: %.100s", tty, strerror(errno));
+ } else {
+ if (security_compute_relabel(user_context,old_tty_context,
+ SECCLASS_CHR_FILE,
+ &new_tty_context) != 0) {
+ error("security_compute_relabel(%.100s) failed: %.100s", tty,
+ strerror(errno));
+ } else {
+ if (setfilecon (tty, new_tty_context) != 0)
+ error("setfilecon(%.100s, %s) failed: %.100s",
+ tty, new_tty...