search for: setexeccon

...t; ; then > + save_LIBS="$LIBS" > AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) > SELINUX_MSG="yes" > AC_CHECK_HEADER([selinux/selinux.h], , > AC_MSG_ERROR(SELinux support requires selinux.h header)) > AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], > AC_MSG_ERROR(SELinux support requires libselinux library)) > - save_LIBS="$LIBS" > - LIBS="$LIBS $LIBSELINUX" > + SSHDLIBS="$SSHDLIBS $LIBSELINUX" > AC_CHECK_FUNCS(getseuserbyname get_default_context_...

https://bugzilla.mindrot.org/show_bug.cgi?id=1891 Summary: selinux policy does not like to exec passwd from sshd directly Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

...exit(1)" just after the password change. static void do_pwchange(Session *s) { fflush(NULL); fprintf(stderr, "WARNING: Your password has expired.\n"); if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); #ifdef WITH_SELINUX setexeccon(NULL); #endif #ifdef PASSWD_NEEDS_USERNAME execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); #else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); #endif perror("passwd"); } else { fprintf(stderr, "Password change required but no TT...

....ac | 3 +++ 1 file changed, 3 insertions(+) --- openssh-4.4p1.orig/configure.ac 2006-09-24 15:08:59.000000000 -0400 +++ openssh-4.4p1/configure.ac 2006-10-02 22:22:41.658955080 -0400 @@ -3145,7 +3145,10 @@ AC_MSG_ERROR(SELinux support requires selinux.h header)) AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) + save_LIBS="$LIBS" + LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) + LIBS="$save_LIBS" fi ] ) AC_SUBST(LIBSELIN...

...s changed, 1 insertions(+), 1 deletions(-) diff --git a/daemon/configure.ac b/daemon/configure.ac index 62c28ee..b0c7f26 100644 --- a/daemon/configure.ac +++ b/daemon/configure.ac @@ -68,7 +68,7 @@ dnl Check for libselinux (optional). AC_CHECK_HEADERS([selinux/selinux.h]) AC_CHECK_LIB([selinux],[setexeccon],[ LIBS="-lselinux $LIBS" - have_libselinux="$ac_cv_header_selinux_selinux_h" + have_libselinux="$ac_cv_header_selinux_selinux_h" AC_CHECK_FUNCS([setcon getcon]) ],[have_libselinux=no]) if test "x$have_libselinux" = "xy...

...xt fork/exec to change the context for us, since it can be after chroot (which needs to be handled in special way). Therefore we want to do this context swap with other capabilities swap. This adds the context switches in do_setusercontext() function. This will avoid us from need to call additional setexeccon from user context (and the need of this capability) if the user needs to switch password. Also the sftpd_t context is not used anymore (sftp runs under context of the actual user). [1] 3) The last bits so far are related to the privilege separation SELinux context (the net child is confined as ssh...

...withval" != "xno" ; then + save_LIBS="$LIBS" AC_DEFINE(WITH_SELINUX,1,[Define if you want SELinux support.]) SELINUX_MSG="yes" AC_CHECK_HEADER([selinux/selinux.h], , AC_MSG_ERROR(SELinux support requires selinux.h header)) AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ], AC_MSG_ERROR(SELinux support requires libselinux library)) - save_LIBS="$LIBS" - LIBS="$LIBS $LIBSELINUX" + SSHDLIBS="$SSHDLIBS $LIBSELINUX" AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) LIBS=&quot...

This is continuing/summarising a rather long discussion that happened on IRC ... We talked to some SELinux experts about what was required to make SELinux work with libguestfs, and it seems reasonably simple to load the policy from the guest filesystem. All that needs to be done is to mount the guest disks up and then run: sh "/usr/sbin/load_policy -i" That command also mounts up

Hi If I try to run configure for openssh-5.1p1 with --wtih-selinux option it fails giving the error "selinux support requires selinux library" all of the below also dont work a) --wtih-selinux b) --wtih-selinux=path of cross complied library c) LDFLAGS=-Lpath of cross complied library if I remove --wtih-selinux option I am able to everything is fine. How to solve this error? Thanks

Brought to you by the "I haven't rebuilt the libguestfs universe in a while" saga -- now with working test suite. Pino Toscano (5): build: remove extra gnulib submodule build: remove extra checks and submodules build: stop using gnulib in test-harness build: remove unused gnulib modules Remove extra entries from podfiles .gitmodules | 3 -- Makefile.am

...)); + freecon(new_tty_context); + } + freecon(old_tty_context); + } + if (user_context) { + freecon(user_context); + } + } +} + +void setup_selinux_exec_context(char *name) { + + if (is_selinux_enabled() > 0) { + security_context_t user_context=selinux_get_user_context(name); + if (setexeccon(user_context)) { + if (security_getenforce() > 0) + fatal("Failed to set exec security context %s for %s.", user_context, name); + else + error("Failed to set exec security context %s for %s. Continuing in permissive mode", user_context, name); + } + if (user_co...

Brought to you by the "I haven't rebuilt the libguestfs universe in a while" saga. Pino Toscano (5): build: remove extra gnulib submodule build: remove extra checks and submodules build: stop using gnulib in test-harness build: remove unused gnulib modules Remove extra entries from podfiles .gitmodules | 3 -- Makefile.am | 2 - bootstrap

...brary containing xdrmem_create... none required checking for library containing xdr_u_int64_t... no checking for library containing xdr_uint64_t... none required checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking sys/sdt.h usability... no checking sys/sdt.h presence... no checking for sys/sdt.h... no checking for cpio... cpio checking for gperf... gperf checking for perl... perl checking for Pod::Man... yes checking for Pod::...

Hi Rich Yes Rich I have tried libguesftfs on powerpc and it was working fine.For some reason i had to format my hard disk and now when I'm again compiling it,I'm getting following error.... Below is the status of configure .. This is how we have configured the optional components for you today: Daemon .............................. yes Appliance ........................... yes QEMU

Two (not related to each other) refactorings: Patches 1-12 split configure.ac into smaller files using the m4_include mechanism. Patches 13-15 split out parts of guestfs.pod (ie. guestfs(3)) into three new manual pages: guestfs-hacking(3) - how to extend and contribute to libguestfs guestfs-internals(3) - architecture and internals guestfs-security(3) - security and CVEs Patch 16 is a

...checking for gperf... gperf checking for aug_match in -laugeas... yes checking for aug_load... yes checking for aug_defvar... yes checking for aug_defnode... yes checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking for xdrmem_create in -lportablexdr... no checking for library containing xdrmem_create... none required checking for getxattr... yes checking for htonl... yes checking for htons... yes checking for inotify_init1... y...

...checking for gperf... gperf checking for aug_match in -laugeas... yes checking for aug_load... yes checking for aug_defvar... yes checking for aug_defnode... yes checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking for xdrmem_create in -lportablexdr... no checking for library containing xdrmem_create... none required checking for getxattr... yes checking for htonl... yes checking for htons... yes checking for inotify_init1... y...

...checking for gperf... gperf checking for aug_match in -laugeas... yes checking for aug_load... yes checking for aug_defvar... yes checking for aug_defnode... yes checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking for xdrmem_create in -lportablexdr... no checking for library containing xdrmem_create... none required checking for getxattr... yes checking for htonl... yes checking for htons... yes checking for inotify_init1... y...

...checking for gperf... gperf checking for aug_match in -laugeas... yes checking for aug_load... yes checking for aug_defvar... yes checking for aug_defnode... yes checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking for xdrmem_create in -lportablexdr... no checking for library containing xdrmem_create... none required checking for getxattr... yes checking for htonl... yes checking for htons... yes checking for inotify_init1... y...

...checking for gperf... gperf checking for aug_match in -laugeas... yes checking for aug_load... yes checking for aug_defvar... yes checking for aug_defnode... yes checking selinux/selinux.h usability... yes checking selinux/selinux.h presence... yes checking for selinux/selinux.h... yes checking for setexeccon in -lselinux... yes checking for setcon... yes checking for getcon... yes checking for xdrmem_create in -lportablexdr... no checking for library containing xdrmem_create... none required checking for getxattr... yes checking for htonl... yes checking for htons... yes checking for inotify_init1... y...