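Index: Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
===================================================================
--- Linux-PAM-1.3.0.orig/modules/pam_selinux/pam_selinux.c
+++ Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
@@ -63,8 +63,8 @@
 
 #include <selinux/selinux.h>
 #include <selinux/get_context_list.h>
-#include <selinux/flask.h>
-#include <selinux/av_permissions.h>
+// #include <selinux/flask.h>
+// #include <selinux/av_permissions.h>
 #include <selinux/selinux.h>
 #include <selinux/context.h>
 #include <selinux/get_default_type.h>
@@ -554,6 +554,7 @@ static int
 compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
 {
 const char *tty = get_item(pamh, PAM_TTY);
+ security_class_t tclass;
 
 if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) {
 tty = ttyname(STDIN_FILENO);
@@ -589,8 +590,18 @@ compute_tty_context(const pam_handle_t *
 return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
 }
 
+ tclass = string_to_security_class("chr_file");
+ if (tclass == 0) {
+ pam_syslog(pamh, LOG_ERR, "Failed to get chr_file security class");
+ freecon(data->prev_tty_context);
+ data->prev_tty_context = NULL;
+ free(data->tty_path);
+ data->tty_path = NULL;
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ }
+
 if (security_compute_relabel(data->exec_context, data->prev_tty_context,
- SECCLASS_CHR_FILE, &data->tty_context)) {
+ tclass, &data->tty_context)) {
 data->tty_context = NULL;
 pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
 data->tty_path);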
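Review bot: The new `tclass == 0` branch in the third hunk picks its return code with `security_getenforce() == 1`, so an error return of -1 from security_getenforce() is handled like permissive mode and the session continues with PAM_SUCCESS and no tty relabel. This mirrors the existing return just above it, but a failed class lookup may well coincide with an unreadable policy, so it is worth confirming that failing open is intended here or changing the test to `security_getenforce() != 0`. The log line would also be easier to triage with the errno text that the neighbouring message carries, e.g. `"Failed to get chr_file security class: %m"`, assuming string_to_security_class sets errno on failure. In the first hunk, deleting the two obsolete includes is cleaner than leaving them behind as `//` comments. compute_tty_context begins and ends outside the hunks shown.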