The patchset has four patches:
1/ cgsnapshot tool itself. This tool contains the option to ignore some
variables (blacklist)
or output only the chosen variables (whitelist).
2/ the man page for cgsnapshot tool
3/ the cgsnapshot_blacklist.conf configuration file. It is the list of
all variables from 2.6.34.
which need some special logic which is not implement in cgsnapshot yet.
4/ the cgsnapshot_whitelist.conf configuration file which contains all
variables from 2.6.34
tests:
The patch were tested on several configuration files:
* use the original configuration file (*.orig file)
* generate the cgsnapshot one (*.gen file) - with the default black
and white list
* cgclean all
* use the cgsnapshot generated configuration (*.gen file)
* compare the results
tested configuration files are attached.
TODOs:
* there are 4 variables which can't be handled by cgsnapshot, now
switched off in blacklist,
there should be add the logic for them
* add the variables which are on the last kernel to lists and find out
whether they are parsed well
* add an option which will combine the groups which have the same name
and permissions
* remove the permission tag if there are root permissions only
* try to sort the groups to have unified output
* add the possibility to use meta-characters like cpuset.* in blacklist
and whitelist
* add the possibility to use more -b and -w files
Ivana Hutarova Varekova
------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security
easier or more difficult to achieve? Read this whitepaper to separate the
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d
_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
