There is no general rule on which permissions make sense for files in
different subsystems. Nevertheless the kernel creates those files with
the maximum allowed permissions for owner so we should use its part as
an umask for group and others permissions as well.
This means that if we specify 777 for file_mode we will end up having
same permissions as owner what ever they are.
/etc/cgconfig.conf:
mount {
cpu = /cgroup/cpuctl/;
}
group devel {
perm {
task {
uid = root;
gid = cgroup;
fperm = 770;
}
admin {
uid = root;
gid = cgroup;
dperm = 775;
fperm = 770;
}
}
cpu {
cpu.shares = 5120;
}
}
cd /cgroup/cpuctl/devel/
ls -la
drwxrwxr-x 2 root cgroup 0 May 19 16:42 .
drwxr-xr-x 4 root root 0 May 19 16:14 ..
-rw-rw---- 1 root cgroup 0 May 19 16:42 cgroup.clone_children
--w--w---- 1 root cgroup 0 May 19 16:42 cgroup.event_control
-r--r----- 1 root cgroup 0 May 19 16:42 cgroup.procs
-rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.rt_period_us
-rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.rt_runtime_us
-rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.shares
-rw-rw---- 1 root cgroup 0 May 19 16:42 notify_on_release
-rw-rw---- 1 root cgroup 0 May 19 16:42 tasks
Signed-off-by: Michal Hocko <mho...@suse.cz>
---
src/api.c | 38 +++++++++++++++++++++++++++++++-------
1 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/src/api.c b/src/api.c
index 65145f0..8be7495 100644
--- a/src/api.c
+++ b/src/api.c
@@ -175,12 +175,40 @@ static int cg_chown_recursive(char **path, uid_t owner,
gid_t group)
return ret;
}
+int cg_chmod_path(const char *path, mode_t mode)
+{
+ struct stat buf;
+ mode_t umask, gmask, omask;
+
+ /*
+ * Use owner permissions as an umask for group and others permissions
+ * because we trust kernel to initialize owner permissions to
+ * something useful.
+ */
+ if (stat(path, &buf) == -1)
+ goto fail;
+ umask = S_IRWXU & buf.st_mode;
+ gmask = umask >> 3;
+ omask = gmask >> 3;
+
+ if (chmod(path, mode & (umask|gmask|omask)))
+ goto fail;
+
+ return 0;
+
+fail:
+ last_errno = errno;
+ return ECGOTHER;
+}
+
int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode,
mode_t file_mode)
{
int ret = 0;
const char *filename = fts->fts_path;
+
cgroup_dbg("chmod: seeing file %s\n", filename);
+
switch (ent->fts_info) {
case FTS_ERR:
errno = ent->fts_errno;
@@ -190,20 +218,16 @@ int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode,
case FTS_DNR:
case FTS_DP:
if (dir_mode != -1U)
- ret = chmod(filename, dir_mode);
+ ret = cg_chmod_path(filename, dir_mode);
break;
case FTS_F:
case FTS_NSOK:
case FTS_NS:
case FTS_DEFAULT:
if (file_mode != -1U)
- ret = chmod(filename, file_mode);
+ ret = cg_chmod_path(filename, file_mode);
break;
}
- if (ret < 0) {
- last_errno = errno;
- ret = ECGOTHER;
- }
return ret;
}
@@ -1507,7 +1531,7 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int
ignore_ownership)
error = chown(path, cgroup->tasks_uid,
cgroup->tasks_gid);
if (!error && cgroup->task_fperm != -1U)
- error = chmod(path, cgroup->task_fperm);
+ error = cg_chmod_path(path, cgroup->task_fperm);
if (error) {
last_errno = errno;
--
1.7.4.4
------------------------------------------------------------------------------
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its
next-generation tools to help Windows* and Linux* C/C++ and Fortran
developers boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
