File pam-bsc1197794-do-not-include-obsolete-header-files.patch of Package pam.32004
Index: Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
===================================================================
--- Linux-PAM-1.3.0.orig/modules/pam_selinux/pam_selinux.c
+++ Linux-PAM-1.3.0/modules/pam_selinux/pam_selinux.c
@@ -63,8 +63,8 @@
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
-#include <selinux/flask.h>
-#include <selinux/av_permissions.h>
+// #include <selinux/flask.h>
+// #include <selinux/av_permissions.h>
#include <selinux/selinux.h>
#include <selinux/context.h>
#include <selinux/get_default_type.h>
@@ -554,6 +554,7 @@ static int
compute_tty_context(const pam_handle_t *pamh, module_data_t *data)
{
const char *tty = get_item(pamh, PAM_TTY);
+ security_class_t tclass;
if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) {
tty = ttyname(STDIN_FILENO);
@@ -589,8 +590,18 @@ compute_tty_context(const pam_handle_t *
return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
}
+ tclass = string_to_security_class("chr_file");
+ if (tclass == 0) {
+ pam_syslog(pamh, LOG_ERR, "Failed to get chr_file security class");
+ freecon(data->prev_tty_context);
+ data->prev_tty_context = NULL;
+ free(data->tty_path);
+ data->tty_path = NULL;
+ return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS;
+ }
+
if (security_compute_relabel(data->exec_context, data->prev_tty_context,
- SECCLASS_CHR_FILE, &data->tty_context)) {
+ tclass, &data->tty_context)) {
data->tty_context = NULL;
pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m",
data->tty_path);
