port-linux.c (204917) port-linux.c (221420)
1/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */
1/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */
2
3/*
4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
5 * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.

--- 30 unchanged lines hidden (view full) ---

40
41/* Wrapper around is_selinux_enabled() to log its return value once only */
42int
43ssh_selinux_enabled(void)
44{
45 static int enabled = -1;
46
47 if (enabled == -1) {
2
3/*
4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
5 * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.

--- 30 unchanged lines hidden (view full) ---

40
41/* Wrapper around is_selinux_enabled() to log its return value once only */
42int
43ssh_selinux_enabled(void)
44{
45 static int enabled = -1;
46
47 if (enabled == -1) {
48 enabled = is_selinux_enabled();
48 enabled = (is_selinux_enabled() == 1);
49 debug("SELinux support %s", enabled ? "enabled" : "disabled");
50 }
51
52 return (enabled);
53}
54
55/* Return the default security context for the given username */
56static security_context_t

--- 143 unchanged lines hidden (view full) ---

200 strlcat(newctx, cx, newlen);
201 debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
202 newctx);
203 if (setcon(newctx) < 0)
204 logit("%s: setcon failed with %s", __func__, strerror (errno));
205 xfree(oldctx);
206 xfree(newctx);
207}
49 debug("SELinux support %s", enabled ? "enabled" : "disabled");
50 }
51
52 return (enabled);
53}
54
55/* Return the default security context for the given username */
56static security_context_t

--- 143 unchanged lines hidden (view full) ---

200 strlcat(newctx, cx, newlen);
201 debug3("%s: setting context from '%s' to '%s'", __func__, oldctx,
202 newctx);
203 if (setcon(newctx) < 0)
204 logit("%s: setcon failed with %s", __func__, strerror (errno));
205 xfree(oldctx);
206 xfree(newctx);
207}
208
209void
210ssh_selinux_setfscreatecon(const char *path)
211{
212 security_context_t context;
213
214 if (!ssh_selinux_enabled())
215 return;
216 if (path == NULL) {
217 setfscreatecon(NULL);
218 return;
219 }
220 if (matchpathcon(path, 0700, &context) == 0)
221 setfscreatecon(context);
222}
223
208#endif /* WITH_SELINUX */
209
210#ifdef LINUX_OOM_ADJUST
224#endif /* WITH_SELINUX */
225
226#ifdef LINUX_OOM_ADJUST
211#define OOM_ADJ_PATH "/proc/self/oom_adj"
212/*
227/*
213 * The magic "don't kill me", as documented in eg:
228 * The magic "don't kill me" values, old and new, as documented in eg:
214 * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
229 * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
230 * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt
215 */
231 */
216#define OOM_ADJ_NOKILL -17
217
218static int oom_adj_save = INT_MIN;
232
233static int oom_adj_save = INT_MIN;
234static char *oom_adj_path = NULL;
235struct {
236 char *path;
237 int value;
238} oom_adjust[] = {
239 {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */
240 {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */
241 {NULL, 0},
242};
219
220/*
221 * Tell the kernel's out-of-memory killer to avoid sshd.
222 * Returns the previous oom_adj value or zero.
223 */
224void
225oom_adjust_setup(void)
226{
243
244/*
245 * Tell the kernel's out-of-memory killer to avoid sshd.
246 * Returns the previous oom_adj value or zero.
247 */
248void
249oom_adjust_setup(void)
250{
251 int i, value;
227 FILE *fp;
228
229 debug3("%s", __func__);
252 FILE *fp;
253
254 debug3("%s", __func__);
230 if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
231 if (fscanf(fp, "%d", &oom_adj_save) != 1)
232 verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
233 else {
234 rewind(fp);
235 if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
236 verbose("error writing %s: %s",
237 OOM_ADJ_PATH, strerror(errno));
238 else
239 verbose("Set %s from %d to %d",
240 OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
255 for (i = 0; oom_adjust[i].path != NULL; i++) {
256 oom_adj_path = oom_adjust[i].path;
257 value = oom_adjust[i].value;
258 if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
259 if (fscanf(fp, "%d", &oom_adj_save) != 1)
260 verbose("error reading %s: %s", oom_adj_path,
261 strerror(errno));
262 else {
263 rewind(fp);
264 if (fprintf(fp, "%d\n", value) <= 0)
265 verbose("error writing %s: %s",
266 oom_adj_path, strerror(errno));
267 else
268 verbose("Set %s from %d to %d",
269 oom_adj_path, oom_adj_save, value);
270 }
271 fclose(fp);
272 return;
241 }
273 }
242 fclose(fp);
243 }
274 }
275 oom_adj_path = NULL;
244}
245
246/* Restore the saved OOM adjustment */
247void
248oom_adjust_restore(void)
249{
250 FILE *fp;
251
252 debug3("%s", __func__);
276}
277
278/* Restore the saved OOM adjustment */
279void
280oom_adjust_restore(void)
281{
282 FILE *fp;
283
284 debug3("%s", __func__);
253 if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
285 if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
286 (fp = fopen(oom_adj_path, "w")) == NULL)
254 return;
255
256 if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
287 return;
288
289 if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
257 verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
290 verbose("error writing %s: %s", oom_adj_path, strerror(errno));
258 else
291 else
259 verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
292 verbose("Set %s to %d", oom_adj_path, oom_adj_save);
260
261 fclose(fp);
262 return;
263}
264#endif /* LINUX_OOM_ADJUST */
265#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
293
294 fclose(fp);
295 return;
296}
297#endif /* LINUX_OOM_ADJUST */
298#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */
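Review bot: In the added ssh_selinux_setfscreatecon() (new lines 209-222) the context returned by matchpathcon() is never released and the return value of setfscreatecon() is ignored, so every successful lookup leaks the context string and a failed label change goes unnoticed. The silent failure is the more important half: files created after the call would presumably keep whatever creation context was already in force instead of the one matched for `path`, and nothing in the log would show it. I would write the last branch as `if (matchpathcon(path, 0700, &context) == 0) { if (setfscreatecon(context) < 0) logit("%s: setfscreatecon failed with %s", __func__, strerror(errno)); freecon(context); }`, matching the setcon() failure message at new line 204. A debug-level message when matchpathcon() itself fails would also help, since that path currently returns without any trace.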