search for: sftpd_t

...Severity: normal Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at redhat.com --- Comment #0 from jchadima at redhat.com 2009-08-28 15:38:36 EST --- The sshd run with ssdh_t context. The sftpd runs with sftpd_t context. Internal-sftp do not use exec.* (2) syscall, so there is a need to switch context manually. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.

...way). Therefore we want to do this context swap with other capabilities swap. This adds the context switches in do_setusercontext() function. This will avoid us from need to call additional setexeccon from user context (and the need of this capability) if the user needs to switch password. Also the sftpd_t context is not used anymore (sftp runs under context of the actual user). [1] 3) The last bits so far are related to the privilege separation SELinux context (the net child is confined as sshd_net_t). 4) root logins can be also confined by SELinux, so we should not skip privilege separation in po...

...n ssh-rand-helper is passed command- line arguments as none are supported. bz#1568 * Add missing setsockopt() to set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. bz#1648 * Make GNOME 2 askpass dialog desktop-modal. bz#1645 * If SELinux is enabled set the security context to "sftpd_t" before running the internal sftp server. bz#1637 * Correctly check libselinux for necessary SELinux functions; bz#1713 * Unbreak builds on Redhat using the supplied openssh.spec; bz#1731 * Fix incorrect privilege dropping order on AIX that prevented chroot operation; bz#1567 * Call...

...n ssh-rand-helper is passed command- line arguments as none are supported. bz#1568 * Add missing setsockopt() to set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. bz#1648 * Make GNOME 2 askpass dialog desktop-modal. bz#1645 * If SELinux is enabled set the security context to "sftpd_t" before running the internal sftp server. bz#1637 * Correctly check libselinux for necessary SELinux functions; bz#1713 * Unbreak builds on Redhat using the supplied openssh.spec; bz#1731 * Fix incorrect privilege dropping order on AIX that prevented chroot operation; bz#1567 * Call...

...n ssh-rand-helper is passed command- line arguments as none are supported. bz#1568 * Add missing setsockopt() to set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. bz#1648 * Make GNOME 2 askpass dialog desktop-modal. bz#1645 * If SELinux is enabled set the security context to "sftpd_t" before running the internal sftp server. bz#1637 * Correctly check libselinux for necessary SELinux functions; bz#1713