Diffstat (limited to 'openbsd-compat/port-linux.c')
-rw-r--r--openbsd-compat/port-linux.c79
1 files changed, 74 insertions, 5 deletions
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index ad262758e..b7142ba90 100644
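--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -18,7 +18,7 @@
  */
 
 /*
- * Linux-specific portability code - just SELinux support at present
+ * Linux-specific portability code
  */
 
 #include "includes.h"
@@ -27,14 +27,30 @@
 #include <stdarg.h>
 #include <string.h>
 
-#ifdef WITH_SELINUX
+#ifdef OOM_ADJUST
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
 #include "log.h"
+
+#ifdef WITH_SELINUX
+#include "key.h"
+#include "hostfile.h"
+#include "auth.h"
+#ifdef HAVE_GETSEUSERBYNAME
+#include "xmalloc.h"
+#endif
 #include "port-linux.h"
 
 #include <selinux/selinux.h>
 #include <selinux/flask.h>
 #include <selinux/get_context_list.h>
 
+extern Authctxt *the_authctxt;
+
 /* Wrapper around is_selinux_enabled() to log its return value once only */
 int
 ssh_selinux_enabled(void)
@@ -54,7 +70,7 @@ static security_context_t
 ssh_selinux_getctxbyname(char *pwname)
 {
  security_context_t sc;
- char *sename = NULL, *lvl = NULL;
+ char *sename = NULL, *role = NULL, *lvl = NULL;
  int r;
 
 #ifdef HAVE_GETSEUSERBYNAME
@@ -64,11 +80,20 @@ ssh_selinux_getctxbyname(char *pwname)
  sename = pwname;
  lvl = NULL;
 #endif
+ if (the_authctxt)
+ role = the_authctxt->role;
 
 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
- r = get_default_context_with_level(sename, lvl, NULL, &sc);
+ if (role != NULL && role[0])
+ r = get_default_context_with_rolelevel(sename, role, lvl, NULL,
+ &sc);
+ else
+ r = get_default_context_with_level(sename, lvl, NULL, &sc);
 #else
- r = get_default_context(sename, NULL, &sc);
+ if (role != NULL && role[0])
+ r = get_default_context_with_role(sename, role, NULL, &sc);
+ else
+ r = get_default_context(sename, NULL, &sc);
 #endif
 
  if (r != 0) {
@@ -169,3 +194,47 @@ ssh_selinux_setup_pty(char *pwname, const char *tty)
  debug3("%s: done", __func__);
 }
 #endif /* WITH_SELINUX */
+
+#ifdef OOM_ADJUST
+/* Get the out-of-memory adjustment file for the current process */
+static int
+oom_adj_open(int oflag)
+{
+ int fd = open("/proc/self/oom_adj", oflag);
+ if (fd < 0)
+ logit("error opening /proc/self/oom_adj: %s", strerror(errno));
+ return fd;
+}
+
+/* Get the current OOM adjustment */
+int
+oom_adj_get(char *buf, size_t maxlen)
+{
+ ssize_t n;
+ int fd = oom_adj_open(O_RDONLY);
+ if (fd < 0)
+ return -1;
+ n = read(fd, buf, maxlen);
+ if (n < 0)
+ logit("error reading /proc/self/oom_adj: %s", strerror(errno));
+ else
+ buf[n] = '\0';
+ close(fd);
+ return n < 0 ? -1 : 0;
+}
+
+/* Set the current OOM adjustment */
+int
+oom_adj_set(const char *buf)
+{
+ ssize_t n;
+ int fd = oom_adj_open(O_WRONLY);
+ if (fd < 0)
+ return -1;
+ n = write(fd, buf, strlen(buf));
+ if (n < 0)
+ logit("error writing /proc/self/oom_adj: %s", strerror(errno));
+ close(fd);
+ return n < 0 ? -1 : 0;
+}
+#endif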
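Review bot: `oom_adj_get` can write one byte past the caller's buffer: `read(fd, buf, maxlen)` may return exactly `maxlen`, and `buf[n] = '\0'` then stores at `buf[maxlen]`. Leave room for the terminator with `n = read(fd, buf, maxlen - 1);` and return -1 up front when `maxlen == 0`, before the file is opened. Separately, `oom_adj_set` reports success on a short `write()`; comparing `n` with `strlen(buf)` would catch a partially written value. The callers and their buffer sizes are not on this page, so how reachable the overflow is in practice cannot be judged from here.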