port-linux.c (181111) | port-linux.c (204917) |
---|---|
1/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */ | 1/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ |
2 3/* 4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> 5 * Copyright (c) 2006 Damien Miller <djm@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. --- 8 unchanged lines hidden (view full) --- 18 */ 19 20/* 21 * Linux-specific portability code - just SELinux support at present 22 */ 23 24#include "includes.h" 25 | 2 3/* 4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> 5 * Copyright (c) 2006 Damien Miller <djm@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. --- 8 unchanged lines hidden (view full) --- 18 */ 19 20/* 21 * Linux-specific portability code - just SELinux support at present 22 */ 23 24#include "includes.h" 25 |
26#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) |
|
26#include <errno.h> 27#include <stdarg.h> 28#include <string.h> | 27#include <errno.h> 28#include <stdarg.h> 29#include <string.h> |
30#include <stdio.h> |
|
29 | 31 |
30#ifdef WITH_SELINUX | |
31#include "log.h" | 32#include "log.h" |
33#include "xmalloc.h" |
|
32#include "port-linux.h" 33 | 34#include "port-linux.h" 35 |
36#ifdef WITH_SELINUX |
|
34#include <selinux/selinux.h> 35#include <selinux/flask.h> 36#include <selinux/get_context_list.h> 37 38/* Wrapper around is_selinux_enabled() to log its return value once only */ 39int 40ssh_selinux_enabled(void) 41{ --- 121 unchanged lines hidden (view full) --- 163 if (new_tty_ctx != NULL) 164 freecon(new_tty_ctx); 165 if (old_tty_ctx != NULL) 166 freecon(old_tty_ctx); 167 if (user_ctx != NULL) 168 freecon(user_ctx); 169 debug3("%s: done", __func__); 170} | 37#include <selinux/selinux.h> 38#include <selinux/flask.h> 39#include <selinux/get_context_list.h> 40 41/* Wrapper around is_selinux_enabled() to log its return value once only */ 42int 43ssh_selinux_enabled(void) 44{ --- 121 unchanged lines hidden (view full) --- 166 if (new_tty_ctx != NULL) 167 freecon(new_tty_ctx); 168 if (old_tty_ctx != NULL) 169 freecon(old_tty_ctx); 170 if (user_ctx != NULL) 171 freecon(user_ctx); 172 debug3("%s: done", __func__); 173} |
174 175void 176ssh_selinux_change_context(const char *newname) 177{ 178 int len, newlen; 179 char *oldctx, *newctx, *cx; 180 181 if (!ssh_selinux_enabled()) 182 return; 183 184 if (getcon((security_context_t *)&oldctx) < 0) { 185 logit("%s: getcon failed with %s", __func__, strerror (errno)); 186 return; 187 } 188 if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == 189 NULL) { 190 logit ("%s: unparseable context %s", __func__, oldctx); 191 return; 192 } 193 194 newlen = strlen(oldctx) + strlen(newname) + 1; 195 newctx = xmalloc(newlen); 196 len = cx - oldctx + 1; 197 memcpy(newctx, oldctx, len); 198 strlcpy(newctx + len, newname, newlen - len); 199 if ((cx = index(cx + 1, ':'))) 200 strlcat(newctx, cx, newlen); 201 debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, 202 newctx); 203 if (setcon(newctx) < 0) 204 logit("%s: setcon failed with %s", __func__, strerror (errno)); 205 xfree(oldctx); 206 xfree(newctx); 207} |
|
171#endif /* WITH_SELINUX */ | 208#endif /* WITH_SELINUX */ |
209 210#ifdef LINUX_OOM_ADJUST 211#define OOM_ADJ_PATH "/proc/self/oom_adj" 212/* 213 * The magic "don't kill me", as documented in eg: 214 * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt 215 */ 216#define OOM_ADJ_NOKILL -17 217 218static int oom_adj_save = INT_MIN; 219 220/* 221 * Tell the kernel's out-of-memory killer to avoid sshd. 222 * Returns the previous oom_adj value or zero. 223 */ 224void 225oom_adjust_setup(void) 226{ 227 FILE *fp; 228 229 debug3("%s", __func__); 230 if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { 231 if (fscanf(fp, "%d", &oom_adj_save) != 1) 232 verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); 233 else { 234 rewind(fp); 235 if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) 236 verbose("error writing %s: %s", 237 OOM_ADJ_PATH, strerror(errno)); 238 else 239 verbose("Set %s from %d to %d", 240 OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); 241 } 242 fclose(fp); 243 } 244} 245 246/* Restore the saved OOM adjustment */ 247void 248oom_adjust_restore(void) 249{ 250 FILE *fp; 251 252 debug3("%s", __func__); 253 if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) 254 return; 255 256 if (fprintf(fp, "%d\n", oom_adj_save) <= 0) 257 verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); 258 else 259 verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); 260 261 fclose(fp); 262 return; 263} 264#endif /* LINUX_OOM_ADJUST */ 265#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ |
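Review bot: In oom_adjust_setup() and oom_adjust_restore() the "Set %s ..." message can be logged for a write that never reached the kernel, because `fprintf()` on a buffered `FILE *` only fills the stdio buffer; the actual write to /proc/self/oom_adj happens at `fclose()`, whose return value both functions ignore. Flushing before choosing the log branch closes the gap, e.g. `if (fprintf(fp, "%d\n", oom_adj_save) <= 0 || fflush(fp) != 0)` in the restore path and the same form with `OOM_ADJ_NOKILL` in the setup path. This matters most on restore: if the saved value is rejected at flush time, the process presumably keeps the -17 "don't kill" setting while the log claims it was reset. Separately, the comment above oom_adjust_setup() says it "Returns the previous oom_adj value or zero" although the function is `void`; suggest `/* Tell the kernel's OOM killer to avoid sshd; the previous value is kept in oom_adj_save. */`.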
|