From 4d6656b1030c2090f8769ce9cce0a9e5dd135945 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 24 Oct 2009 15:04:12 +1100 Subject: - (dtucker) [session.c openbsd-compat/port-linux.{c,h}] Bug #1637: if selinux is enabled set the security context to "sftpd_t" before running the internal sftp server Based on a patch from jchadima at redhat. --- openbsd-compat/port-linux.c | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) (limited to 'openbsd-compat/port-linux.c') diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index ad262758e..88c601e20 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.5 2008/03/26 20:27:21 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.6 2009/10/24 04:04:13 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -29,6 +29,7 @@ #ifdef WITH_SELINUX #include "log.h" +#include "xmalloc.h" #include "port-linux.h" #include @@ -168,4 +169,38 @@ ssh_selinux_setup_pty(char *pwname, const char *tty) freecon(user_ctx); debug3("%s: done", __func__); } + +void +ssh_selinux_change_context(const char *newname) +{ + int len, newlen; + char *oldctx, *newctx, *cx; + + if (!ssh_selinux_enabled()) + return; + + if (getcon((security_context_t *)&oldctx) < 0) { + logit("%s: getcon failed with %s", __func__, strerror (errno)); + return; + } + if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == + NULL) { + logit ("%s: unparseable context %s", __func__, oldctx); + return; + } + + newlen = strlen(oldctx) + strlen(newname) + 1; + newctx = xmalloc(newlen); + len = cx - oldctx + 1; + memcpy(newctx, oldctx, len); + strlcpy(newctx + len, newname, newlen - len); + if ((cx = index(cx + 1, ':'))) + strlcat(newctx, cx, newlen); + debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, + newctx); + if (setcon(newctx) < 0) + logit("%s: setcon failed with %s", __func__, strerror (errno)); + xfree(oldctx); + xfree(newctx); +} #endif /* WITH_SELINUX */ -- cgit v1.2.3 From c8802aac28470714ec204d00342f6ecbca45908f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 8 Dec 2009 13:39:48 +1100 Subject: - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, based on a patch from Vaclav Ovsik and Colin Watson. ok djm. --- ChangeLog | 4 +++ configure.ac | 5 ++-- openbsd-compat/port-linux.c | 63 +++++++++++++++++++++++++++++++++++++++++++-- openbsd-compat/port-linux.h | 7 ++++- platform.c | 14 +++++++++- platform.h | 3 ++- sshd.c | 1 + 7 files changed, 90 insertions(+), 7 deletions(-) (limited to 'openbsd-compat/port-linux.c') diff --git a/ChangeLog b/ChangeLog index 53d89c905..7f95697f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20091208 + - (dtucker) Bug #1470: Disable OOM-killing of the listening sshd on Linux, + based on a patch from Vaclav Ovsik and Colin Watson. ok djm. + 20091207 - (dtucker) Bug #1160: use pkg-config for opensc config if it's available. Tested by Martin Paljak. diff --git a/configure.ac b/configure.ac index 88a248fb5..94f049fc6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.431 2009/12/07 00:15:43 dtucker Exp $ +# $Id: configure.ac,v 1.432 2009/12/08 02:39:48 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.431 $) +AC_REVISION($Revision: 1.432 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -589,6 +589,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) if it doesn't return EOPNOTSUPP.]) AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) AC_DEFINE(USE_BTMP) + AC_DEFINE(LINUX_OOM_ADJUST, 1, [Adjust Linux out-of-memory killer]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index 88c601e20..cda751dea 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.6 2009/10/24 04:04:13 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.7 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -23,15 +23,17 @@ #include "includes.h" +#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) #include #include #include +#include -#ifdef WITH_SELINUX #include "log.h" #include "xmalloc.h" #include "port-linux.h" +#ifdef WITH_SELINUX #include #include #include @@ -204,3 +206,60 @@ ssh_selinux_change_context(const char *newname) xfree(newctx); } #endif /* WITH_SELINUX */ + +#ifdef LINUX_OOM_ADJUST +#define OOM_ADJ_PATH "/proc/self/oom_adj" +/* + * The magic "don't kill me", as documented in eg: + * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt + */ +#define OOM_ADJ_NOKILL -17 + +static int oom_adj_save = INT_MIN; + +/* + * Tell the kernel's out-of-memory killer to avoid sshd. + * Returns the previous oom_adj value or zero. + */ +void +oom_adjust_setup(void) +{ + FILE *fp; + + debug3("%s", __func__); + if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { + if (fscanf(fp, "%d", &oom_adj_save) != 1) + logit("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); + else { + rewind(fp); + if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) + logit("error writing %s: %s", + OOM_ADJ_PATH, strerror(errno)); + else + verbose("Set %s from %d to %d", + OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); + } + fclose(fp); + } +} + +/* Restore the saved OOM adjustment */ +void +oom_adjust_restore(void) +{ + FILE *fp; + + debug3("%s", __func__); + if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) + return; + + if (fprintf(fp, "%d\n", oom_adj_save) <= 0) + logit("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + else + verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); + + fclose(fp); + return; +} +#endif /* LINUX_OOM_ADJUST */ +#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h index 6ad4a49f6..209d9a7a2 100644 --- a/openbsd-compat/port-linux.h +++ b/openbsd-compat/port-linux.h @@ -1,4 +1,4 @@ -/* $Id: port-linux.h,v 1.3 2009/10/24 04:04:13 dtucker Exp $ */ +/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Damien Miller @@ -26,4 +26,9 @@ void ssh_selinux_setup_exec_context(char *); void ssh_selinux_change_context(const char *); #endif +#ifdef LINUX_OOM_ADJUST +void oom_adjust_restore(void); +void oom_adjust_setup(void); +#endif + #endif /* ! _PORT_LINUX_H */ diff --git a/platform.c b/platform.c index aee4b01e7..2dc4352f4 100644 --- a/platform.c +++ b/platform.c @@ -1,4 +1,4 @@ -/* $Id: platform.c,v 1.1 2006/08/30 17:24:41 djm Exp $ */ +/* $Id: platform.c,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -21,6 +21,15 @@ #include "openbsd-compat/openbsd-compat.h" +void +platform_pre_listen(void) +{ +#ifdef LINUX_OOM_ADJUST + /* Adjust out-of-memory killer so listening process is not killed */ + oom_adjust_setup(); +#endif +} + void platform_pre_fork(void) { @@ -43,4 +52,7 @@ platform_post_fork_child(void) #ifdef USE_SOLARIS_PROCESS_CONTRACTS solaris_contract_post_fork_child(); #endif +#ifdef LINUX_OOM_ADJUST + oom_adjust_restore(); +#endif } diff --git a/platform.h b/platform.h index cf93bc57c..8a34e364e 100644 --- a/platform.h +++ b/platform.h @@ -1,4 +1,4 @@ -/* $Id: platform.h,v 1.1 2006/08/30 17:24:41 djm Exp $ */ +/* $Id: platform.h,v 1.2 2009/12/08 02:39:48 dtucker Exp $ */ /* * Copyright (c) 2006 Darren Tucker. All rights reserved. @@ -18,6 +18,7 @@ #include +void platform_pre_listen(void); void platform_pre_fork(void); void platform_post_fork_parent(pid_t child_pid); void platform_post_fork_child(void); diff --git a/sshd.c b/sshd.c index 04d8f9fa0..38aaa1820 100644 --- a/sshd.c +++ b/sshd.c @@ -1656,6 +1656,7 @@ main(int ac, char **av) if (inetd_flag) { server_accept_inetd(&sock_in, &sock_out); } else { + platform_pre_listen(); server_listen(); if (options.protocol & SSH_PROTO_1) -- cgit v1.2.3 From 9af0cb9accbf42aca8f87d3f3bfffcac20c2f5b4 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 1 Mar 2010 15:52:49 +1100 Subject: - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM adjust log at verbose only, since according to cjwatson in bug #1470 some virtualization platforms don't allow writes. --- ChangeLog | 3 +++ openbsd-compat/port-linux.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'openbsd-compat/port-linux.c') diff --git a/ChangeLog b/ChangeLog index 3ce434723..1a318e049 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20100301 - (dtucker) [regress/{cert-hostkey,cfgmatch,cipher-speed}.sh} Replace "echo -n" with "echon" for portability. + - (dtucker) [openbsd-compat/port-linux.c] Make failure to write to the OOM + adjust log at verbose only, since according to cjwatson in bug #1470 + some virtualization platforms don't allow writes. 20100228 - (djm) [auth.c] On Cygwin, refuse usernames that have differences in diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c index cda751dea..89b9a7340 100644 --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.7 2009/12/08 02:39:48 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh @@ -229,11 +229,11 @@ oom_adjust_setup(void) debug3("%s", __func__); if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { if (fscanf(fp, "%d", &oom_adj_save) != 1) - logit("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); else { rewind(fp); if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) - logit("error writing %s: %s", + verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); else verbose("Set %s from %d to %d", @@ -254,7 +254,7 @@ oom_adjust_restore(void) return; if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - logit("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); else verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); -- cgit v1.2.3