diff options
Diffstat (limited to 'crypto/openssh/openbsd-compat/port-linux.c')
| -rw-r--r-- | crypto/openssh/openbsd-compat/port-linux.c | 73 |
1 files changed, 53 insertions, 20 deletions
diff --git a/crypto/openssh/openbsd-compat/port-linux.c b/crypto/openssh/openbsd-compat/port-linux.c index 89b9a73..fe6fc2d 100644 --- a/crypto/openssh/openbsd-compat/port-linux.c +++ b/crypto/openssh/openbsd-compat/port-linux.c @@ -1,4 +1,4 @@ -/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */ +/* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */ /* * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> @@ -45,7 +45,7 @@ ssh_selinux_enabled(void) static int enabled = -1; if (enabled == -1) { - enabled = is_selinux_enabled(); + enabled = (is_selinux_enabled() == 1); debug("SELinux support %s", enabled ? "enabled" : "disabled"); } @@ -205,17 +205,41 @@ ssh_selinux_change_context(const char *newname) xfree(oldctx); xfree(newctx); } + +void +ssh_selinux_setfscreatecon(const char *path) +{ + security_context_t context; + + if (!ssh_selinux_enabled()) + return; + if (path == NULL) { + setfscreatecon(NULL); + return; + } + if (matchpathcon(path, 0700, &context) == 0) + setfscreatecon(context); +} + #endif /* WITH_SELINUX */ #ifdef LINUX_OOM_ADJUST -#define OOM_ADJ_PATH "/proc/self/oom_adj" /* - * The magic "don't kill me", as documented in eg: + * The magic "don't kill me" values, old and new, as documented in eg: * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt + * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt */ -#define OOM_ADJ_NOKILL -17 static int oom_adj_save = INT_MIN; +static char *oom_adj_path = NULL; +struct { + char *path; + int value; +} oom_adjust[] = { + {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */ + {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */ + {NULL, 0}, +}; /* * Tell the kernel's out-of-memory killer to avoid sshd. @@ -224,23 +248,31 @@ static int oom_adj_save = INT_MIN; void oom_adjust_setup(void) { + int i, value; FILE *fp; debug3("%s", __func__); - if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) { - if (fscanf(fp, "%d", &oom_adj_save) != 1) - verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno)); - else { - rewind(fp); - if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0) - verbose("error writing %s: %s", - OOM_ADJ_PATH, strerror(errno)); - else - verbose("Set %s from %d to %d", - OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL); + for (i = 0; oom_adjust[i].path != NULL; i++) { + oom_adj_path = oom_adjust[i].path; + value = oom_adjust[i].value; + if ((fp = fopen(oom_adj_path, "r+")) != NULL) { + if (fscanf(fp, "%d", &oom_adj_save) != 1) + verbose("error reading %s: %s", oom_adj_path, + strerror(errno)); + else { + rewind(fp); + if (fprintf(fp, "%d\n", value) <= 0) + verbose("error writing %s: %s", + oom_adj_path, strerror(errno)); + else + verbose("Set %s from %d to %d", + oom_adj_path, oom_adj_save, value); + } + fclose(fp); + return; } - fclose(fp); } + oom_adj_path = NULL; } /* Restore the saved OOM adjustment */ @@ -250,13 +282,14 @@ oom_adjust_restore(void) FILE *fp; debug3("%s", __func__); - if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL) + if (oom_adj_save == INT_MIN || oom_adj_path == NULL || + (fp = fopen(oom_adj_path, "w")) == NULL) return; if (fprintf(fp, "%d\n", oom_adj_save) <= 0) - verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno)); + verbose("error writing %s: %s", oom_adj_path, strerror(errno)); else - verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save); + verbose("Set %s to %d", oom_adj_path, oom_adj_save); fclose(fp); return; |
