Hi,

Changelog of v2:
================
* No change.

A process's name changes on execve(2), so a rule based on the process
name should be applied again when execve(2) happens.
This patch therefore adds an EXEC event to the event handler.


Thanks
Ken'ichi Ohmichi

Signed-off-by: Ken'ichi Ohmichi <[email protected]>
---
 src/daemon/cgrulesengd.c |   33 ++++++++++++++++++++++++---------
 1 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index ff09ca0..be91bbc 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -225,7 +225,7 @@ static int cgre_was_parent_changed_when_forking(const 
struct proc_event *ev)
        return 0;
 }
 
-static int cgre_change_cgroup_uid_gid(const uid_t uid, const gid_t gid,
+static int cgre_change_cgroup(const uid_t uid, const gid_t gid, char *procname,
                                        const pid_t pid)
 {
        int ret;
@@ -239,7 +239,7 @@ static int cgre_change_cgroup_uid_gid(const uid_t uid, 
const gid_t gid,
        sigaddset(&sigset, SIGUSR2);
        sigprocmask(SIG_BLOCK, &sigset, NULL);
 
-       ret = cgroup_change_cgroup_uid_gid_flags(uid, gid, pid,
+       ret = cgroup_change_cgroup_flags(uid, gid, procname, pid,
                                                 CGFLAG_USECACHE);
        sigprocmask(SIG_UNBLOCK, &sigset, NULL);
 
@@ -256,6 +256,7 @@ static int cgre_change_cgroup_uid_gid(const uid_t uid, 
const gid_t gid,
  */
 int cgre_process_event(const struct proc_event *ev, const int type)
 {
+       char *procname;
        pid_t pid = 0, log_pid = 0;
        uid_t euid, log_uid = 0;
        gid_t egid, log_gid = 0;
@@ -276,6 +277,9 @@ int cgre_process_event(const struct proc_event *ev, const 
int type)
                        return 0;
                pid = ev->event_data.fork.child_pid;
                break;
+       case PROC_EVENT_EXEC:
+               pid = ev->event_data.exec.process_pid;
+               break;
        default:
                break;
        }
@@ -287,6 +291,10 @@ int cgre_process_event(const struct proc_event *ev, const 
int type)
        else if (ret)
                return ret;
 
+       procname = cgroup_get_procname_from_procfs(pid);
+       if (procname == NULL)
+               return 0;
+
        /*
         * Now that we have the UID, the GID, and the PID, we can make a call
         * to libcgroup to change the cgroup for this PID.
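Review bot: The name taken at `procname = cgroup_get_procname_from_procfs(pid);` is read from procfs some time after the kernel queued the event, so it can describe a later exec of the same PID, or be missing because the process has already exited; it is also a value the process chooses for itself. Rules keyed on process name are therefore fine for sorting cooperative workloads but should not be documented as a confinement control, and a comment saying so above the lookup would help. The silent `return 0` on NULL now also skips UID, GID and FORK events that were classified without a name before this patch; whether the helper can return NULL for a live process is not visible here, so I would at least log it: `flog(LOG_DEBUG, "PID %d: no process name, event skipped", pid);`. cgre_process_event starts and ends outside this hunk.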
@@ -296,25 +304,25 @@ int cgre_process_event(const struct proc_event *ev, const 
int type)
        case PROC_EVENT_UID:
                log_uid = ev->event_data.id.e.euid;
                log_gid = egid;
-               ret = cgre_change_cgroup_uid_gid(
-                                       ev->event_data.id.e.euid,
-                                       egid, pid);
+               euid = ev->event_data.id.e.euid;
                break;
        case PROC_EVENT_GID:
                log_uid = euid;
                log_gid = ev->event_data.id.e.egid;
-               ret = cgre_change_cgroup_uid_gid(euid,
-                                       ev->event_data.id.e.egid, pid);
+               egid = ev->event_data.id.e.egid;
                break;
        case PROC_EVENT_FORK:
                log_uid = euid;
                log_gid = egid;
-               ret = cgre_change_cgroup_uid_gid(euid, egid, pid);
+               break;
+       case PROC_EVENT_EXEC:
+               log_uid = euid;
+               log_gid = egid;
                break;
        default:
                break;
        }
-
+       ret = cgre_change_cgroup(euid, egid, procname, pid);
        if (ret) {
                if ((ret != ECGOTHER) || (errno != ESRCH)) {
                        flog(LOG_WARNING, "Cgroup change for PID: %d, UID: %d,",
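Review bot: The `default:` branch of this switch used to leave the process alone, but with the call hoisted to `ret = cgre_change_cgroup(euid, egid, procname, pid);` after the switch, an unhandled `type` now reaches the cgroup change too. Whether the code before the hunk already returns for such a type is not visible here, so making the branch explicit is safer: `default: free(procname); return 0;`. Since the four handled cases now differ only in which of `euid`/`egid` they overwrite, `log_uid = euid; log_gid = egid;` could also be assigned once after the switch instead of per case.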
@@ -326,6 +334,7 @@ int cgre_process_event(const struct proc_event *ev, const 
int type)
                flog(LOG_INFO, "Cgroup change for PID: %d, UID: %d, GID: %d OK",
                        log_pid, log_uid, log_gid);
        }
+       free(procname);
        return ret;
 }
 
@@ -366,6 +375,12 @@ int cgre_handle_msg(struct cn_msg *cn_hdr)
        case PROC_EVENT_FORK:
                ret = cgre_process_event(ev, PROC_EVENT_FORK);
                break;
+       case PROC_EVENT_EXEC:
+               flog(LOG_DEBUG, "EXEC Event: PID = %d, tGID = %d",
+                               ev->event_data.exec.process_pid,
+                               ev->event_data.exec.process_tgid);
+               ret = cgre_process_event(ev, PROC_EVENT_EXEC);
+               break;
        default:
                break;
        }
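Review bot: The new `case PROC_EVENT_EXEC:` puts the daemon on the path of every execve() on the host, which is far more frequent than the UID/GID changes handled so far, and each event now costs procfs reads plus a rule match with signals blocked. If the receive loop (outside this hunk) cannot keep up, events may be lost on the netlink socket and the affected processes stay in their old cgroup, so it is worth confirming that the loop reports a receive-buffer overflow rather than ignoring it. A short comment above the case would record the constraint, e.g. `/* EXEC fires for every execve(); keep this path cheap and non-blocking */`.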
