search for: security_context_t

...ue to a segmentation fault. This is caused by not initializing the local variable "sc" in the openbsd-compat/port-linux.c::ssh_selinux_getctxbyname() function. The call to get_default_context() will result in the return code -1, but "sc" is left untouched (and thus not a valid security_context_t instance). Later in the function, "sc" is returned to the calling function (which is ssh_selinux_setup_exec_context) which tries to free the context through freecon(user_ctx). This can be fixed by initializing sc to NULL to begin with (see line 59): 55 /* Return the default security co...

...uot; +#include "log.h" + +#ifdef WITH_SELINUX +#include <selinux/selinux.h> +#include <selinux/flask.h> +#include <selinux/context.h> +#include <selinux/get_context_list.h> +#include <selinux/get_default_type.h> +extern Authctxt *the_authctxt; + +static const security_context_t selinux_get_user_context(const char *name) { + security_context_t user_context=NULL; + if (get_default_context(name,NULL,&user_context)) { + if (security_getenforce() > 0) + fatal("Failed to get default security context for %s.", name); + else + error("Failed to get de...

https://bugzilla.mindrot.org/show_bug.cgi?id=1637 Summary: Change the context when starting internal-sftp Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

...&& defined(HAVE_SETCON) if (setcon ((char *) context) == -1) { reply_with_perror ("setcon"); return -1; @@ -55,7 +53,7 @@ do_setcon (const char *context) char * do_getcon (void) { -#ifdef HAVE_GETCON +#if defined(HAVE_LIBSELINUX) && defined(HAVE_GETCON) security_context_t context; char *r; @@ -77,5 +75,3 @@ do_getcon (void) return -1; #endif } - -#endif /* HAVE_LIBSELINUX */ -- 1.6.2.5 -------------- next part -------------- >From 715f3083ad7625bca182fd1d87e20f56c5b6752b Mon Sep 17 00:00:00 2001 From: Richard Jones <rjones at trick.home.annexia.org...

Link to version 1: https://www.redhat.com/archives/libguestfs/2013-February/thread.html#00122 Changes since version 1: - I've pushed two (of the three) code refactoring patches. The third one proved rather hard to move. - selinuxnorelabel option is no more. Instead there is a second internal API (internal_set_libvirt_selinux_norelabel_disks). - fixed bogus commit message -

QEMU upstream has broken snapshot=on ... again. These two patches stop using it entirely. Instead we run 'qemu-img create' to create overlay disks as required. Note that the libvirt and UML backends were already doing this: The libvirt backend because <transient/> has never worked, and the UML backend was running uml_mkcow because the UML-equivalent syntax of snapshot=on was

From: "Richard W.M. Jones" <rjones at redhat.com> Callers are supposed to use the availability API to check for functions that may not be available in particular builds of libguestfs. If they don't do this, currently they tend to get obscure error messages, eg: libguestfs: error: zerofree: /dev/vda1: zerofree: No such file or directory This commit changes the error