
Bug#950473: Please remove usage of hardcoded SELinux security classes



Source: openssh-ssh1
Version: 1:7.5p1-11
Severity: normal
User: selinux-devel@lists.alioth.debian.org
Usertags: selinux selinux-aware

Hello,

It looks like this package is using hardcoded SELinux security classes.
This has been deprecated in libselinux for about 5 years and upstream is
planning to remove support for this in their upcoming release (3.1).

Please remove the selinux/flask.h include and port to the new API using
string_to_security_class() instead of the hardcoded class.

AFAICS, it's only used for the SECCLASS_CHR_FILE class in openbsd-compat/port-linux.c.

Kind regards,

Laurent Bigonville


-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.4.0-3-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy
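
The port requested in this report, as an added example that is not code from openssh or libselinux: the class is resolved by name with string_to_security_class(), and a return value of 0 is treated as a failure. The helper relabel_by_class_name(), the WITH_LIBSELINUX switch, the stub functions and every context string are constructed for illustration; using security_compute_relabel() as the call that consumed SECCLASS_CHR_FILE is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WITH_LIBSELINUX          /* real build: add -DWITH_LIBSELINUX -lselinux */
#include <selinux/selinux.h>    /* <selinux/flask.h> is no longer included */
#else
/* Constructed stand-ins so the example runs without libselinux or a policy. */
typedef unsigned short security_class_t;
#define STUB_CHR_FILE 42        /* arbitrary; real values come from the policy */
static security_class_t string_to_security_class(const char *name)
{
    return strcmp(name, "chr_file") == 0 ? STUB_CHR_FILE : 0;
}
static int security_compute_relabel(const char *scon, const char *tcon,
    security_class_t tclass, char **newcon)
{
    static const char label[] = "user_u:object_r:user_devpts_t:s0"; /* constructed */
    (void)scon; (void)tcon;
    if (tclass != STUB_CHR_FILE || (*newcon = malloc(sizeof label)) == NULL)
        return -1;
    memcpy(*newcon, label, sizeof label);
    return 0;
}
static void freecon(char *con) { free(con); }
#endif

/* Hypothetical helper: resolve the class by name at run time, then relabel.
 * The pre-port call passed the compile-time constant SECCLASS_CHR_FILE. */
int relabel_by_class_name(const char *scon, const char *tcon,
    const char *class_name, char **newcon)
{
    security_class_t tclass = string_to_security_class(class_name);
    if (tclass == 0) {          /* 0: the loaded policy has no such class */
        fprintf(stderr, "no SELinux security class \"%s\"\n", class_name);
        return -1;              /* fail before asking for a label */
    }
    return security_compute_relabel(scon, tcon, tclass, newcon);
}

int main(void)
{
    char *newcon = NULL;        /* contexts below are constructed samples */
    if (relabel_by_class_name("user_u:user_r:user_t:s0",
        "system_u:object_r:devpts_t:s0", "chr_file", &newcon) != 0)
        return 1;
    printf("new tty context: %s\n", newcon);
    freecon(newcon);
    return 0;
}
```
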

