diff options
Diffstat (limited to 'openbsd-compat/port-linux.c')
-rw-r--r-- | openbsd-compat/port-linux.c | 79 |
1 files changed, 74 insertions, 5 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index ad262758e..b7142ba90 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c | |||
@@ -18,7 +18,7 @@ | |||
18 | */ | 18 | */ |
19 | 19 | ||
20 | /* | 20 | /* |
21 | * Linux-specific portability code - just SELinux support at present | 21 | * Linux-specific portability code |
22 | */ | 22 | */ |
23 | 23 | ||
24 | #include "includes.h" | 24 | #include "includes.h" |
@@ -27,14 +27,30 @@ | |||
27 | #include <stdarg.h> | 27 | #include <stdarg.h> |
28 | #include <string.h> | 28 | #include <string.h> |
29 | 29 | ||
30 | #ifdef WITH_SELINUX | 30 | #ifdef OOM_ADJUST |
31 | #include <sys/types.h> | ||
32 | #include <sys/stat.h> | ||
33 | #include <fcntl.h> | ||
34 | #include <unistd.h> | ||
35 | #endif | ||
36 | |||
31 | #include "log.h" | 37 | #include "log.h" |
38 | |||
39 | #ifdef WITH_SELINUX | ||
40 | #include "key.h" | ||
41 | #include "hostfile.h" | ||
42 | #include "auth.h" | ||
43 | #ifdef HAVE_GETSEUSERBYNAME | ||
44 | #include "xmalloc.h" | ||
45 | #endif | ||
32 | #include "port-linux.h" | 46 | #include "port-linux.h" |
33 | 47 | ||
34 | #include <selinux/selinux.h> | 48 | #include <selinux/selinux.h> |
35 | #include <selinux/flask.h> | 49 | #include <selinux/flask.h> |
36 | #include <selinux/get_context_list.h> | 50 | #include <selinux/get_context_list.h> |
37 | 51 | ||
52 | extern Authctxt *the_authctxt; | ||
53 | |||
38 | /* Wrapper around is_selinux_enabled() to log its return value once only */ | 54 | /* Wrapper around is_selinux_enabled() to log its return value once only */ |
39 | int | 55 | int |
40 | ssh_selinux_enabled(void) | 56 | ssh_selinux_enabled(void) |
@@ -54,7 +70,7 @@ static security_context_t | |||
54 | ssh_selinux_getctxbyname(char *pwname) | 70 | ssh_selinux_getctxbyname(char *pwname) |
55 | { | 71 | { |
56 | security_context_t sc; | 72 | security_context_t sc; |
57 | char *sename = NULL, *lvl = NULL; | 73 | char *sename = NULL, *role = NULL, *lvl = NULL; |
58 | int r; | 74 | int r; |
59 | 75 | ||
60 | #ifdef HAVE_GETSEUSERBYNAME | 76 | #ifdef HAVE_GETSEUSERBYNAME |
@@ -64,11 +80,20 @@ ssh_selinux_getctxbyname(char *pwname) | |||
64 | sename = pwname; | 80 | sename = pwname; |
65 | lvl = NULL; | 81 | lvl = NULL; |
66 | #endif | 82 | #endif |
83 | if (the_authctxt) | ||
84 | role = the_authctxt->role; | ||
67 | 85 | ||
68 | #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL | 86 | #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL |
69 | r = get_default_context_with_level(sename, lvl, NULL, &sc); | 87 | if (role != NULL && role[0]) |
88 | r = get_default_context_with_rolelevel(sename, role, lvl, NULL, | ||
89 | &sc); | ||
90 | else | ||
91 | r = get_default_context_with_level(sename, lvl, NULL, &sc); | ||
70 | #else | 92 | #else |
71 | r = get_default_context(sename, NULL, &sc); | 93 | if (role != NULL && role[0]) |
94 | r = get_default_context_with_role(sename, role, NULL, &sc); | ||
95 | else | ||
96 | r = get_default_context(sename, NULL, &sc); | ||
72 | #endif | 97 | #endif |
73 | 98 | ||
74 | if (r != 0) { | 99 | if (r != 0) { |
@@ -169,3 +194,47 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) | |||
169 | debug3("%s: done", __func__); | 194 | debug3("%s: done", __func__); |
170 | } | 195 | } |
171 | #endif /* WITH_SELINUX */ | 196 | #endif /* WITH_SELINUX */ |
197 | |||
198 | #ifdef OOM_ADJUST | ||
199 | /* Get the out-of-memory adjustment file for the current process */ | ||
200 | static int | ||
201 | oom_adj_open(int oflag) | ||
202 | { | ||
203 | int fd = open("/proc/self/oom_adj", oflag); | ||
204 | if (fd < 0) | ||
205 | logit("error opening /proc/self/oom_adj: %s", strerror(errno)); | ||
206 | return fd; | ||
207 | } | ||
208 | |||
209 | /* Get the current OOM adjustment */ | ||
210 | int | ||
211 | oom_adj_get(char *buf, size_t maxlen) | ||
212 | { | ||
213 | ssize_t n; | ||
214 | int fd = oom_adj_open(O_RDONLY); | ||
215 | if (fd < 0) | ||
216 | return -1; | ||
217 | n = read(fd, buf, maxlen); | ||
218 | if (n < 0) | ||
219 | logit("error reading /proc/self/oom_adj: %s", strerror(errno)); | ||
220 | else | ||
221 | buf[n] = '\0'; | ||
222 | close(fd); | ||
223 | return n < 0 ? -1 : 0; | ||
224 | } | ||
225 | |||
226 | /* Set the current OOM adjustment */ | ||
227 | int | ||
228 | oom_adj_set(const char *buf) | ||
229 | { | ||
230 | ssize_t n; | ||
231 | int fd = oom_adj_open(O_WRONLY); | ||
232 | if (fd < 0) | ||
233 | return -1; | ||
234 | n = write(fd, buf, strlen(buf)); | ||
235 | if (n < 0) | ||
236 | logit("error writing /proc/self/oom_adj: %s", strerror(errno)); | ||
237 | close(fd); | ||
238 | return n < 0 ? -1 : 0; | ||
239 | } | ||
240 | #endif | ||