Comment 7 for bug 708571

In , Colin Watson (cjwatson) wrote :

Created attachment 1984
more error checks in ssh_selinux_setfscreatecon

The Debian/Ubuntu OpenSSH packages are compiled with SELinux support, but SELinux isn't necessarily available at run-time. If it's unavailable, then ssh_selinux_setfscreatecon may crash because it does not either (a) check ssh_selinux_enabled or (b) check the return value of matchpathcon. I suspect it should do both, although I'm not sure whether any error message is necessary if matchpathcon fails - does this just mean that the configuration doesn't specify any particular context? (I'm not an SELinux expert.)

Patch attached which at least clears up the crash.

(BTW, the indentation in ssh_selinux_setfscreatecon is non-standard.)
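
The two checks discussed in the comment above, as an added example; it is neither the attached patch nor OpenSSH's own code. The `stub_*` functions, `guarded_setfscreatecon`, `run_case`, the path and the context label are constructed stand-ins so the sketch runs without libselinux; with the real library the calls would be `is_selinux_enabled()`, `matchpathcon()`, `setfscreatecon()` and `freecon()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-ins for libselinux: 0 on success, -1 on failure. */
static int sim_enabled, sim_have_match, set_calls;
static char last_context[64];

static int stub_is_selinux_enabled(void) { return sim_enabled; }

static int stub_matchpathcon(const char *path, mode_t mode, char **con)
{
	static const char label[] = "system_u:object_r:ssh_home_t:s0"; /* constructed */
	(void)path; (void)mode;
	if (!sim_have_match || (*con = malloc(sizeof(label))) == NULL)
		return -1;           /* on failure no usable context is returned */
	memcpy(*con, label, sizeof(label));
	return 0;
}

static int stub_setfscreatecon(const char *con)
{
	set_calls++;             /* count how often a context is applied */
	strncpy(last_context, con, sizeof(last_context) - 1);
	return 0;
}

/* Hypothetical guarded variant: returns 1 only if a context was applied. */
static int guarded_setfscreatecon(const char *path)
{
	char *context = NULL;
	if (!stub_is_selinux_enabled())                     /* check (a) */
		return 0;
	if (stub_matchpathcon(path, 0700, &context) != 0)   /* check (b) */
		return 0;
	stub_setfscreatecon(context);
	free(context);           /* freecon() with the real library */
	return 1;
}

/* Reset the simulated state and run one case on a constructed path. */
static int run_case(int enabled, int have_match)
{
	sim_enabled = enabled; sim_have_match = have_match; set_calls = 0;
	return guarded_setfscreatecon("/home/user/.ssh");
}

int main(void) { printf("%d %d %d\n", run_case(0, 1), run_case(1, 0), run_case(1, 1)); return 0; }
```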