On 05/19/2011 09:37 PM, Michal Hocko wrote:
> There is no general rule on which permissions make sense for files in
> different subsystems. Nevertheless the kernel creates those files with
> the maximum allowed permissions for owner so we should use its part as
> an umask for group and others permissions as well.
> This means that if we specify 777 for file_mode we will end up having
> same permissions as owner what ever they are.
NACK, this will change semantics of public function
cg_chmod_recursive(). I know, it's stupid copy/paste, but please create
new function cg_copymod_recursive (or cpmod or whatever) :(
>
> /etc/cgconfig.conf:
> mount {
> cpu = /cgroup/cpuctl/;
> }
>
> group devel {
> perm {
> task {
> uid = root;
> gid = cgroup;
> fperm = 770;
> }
> admin {
> uid = root;
> gid = cgroup;
> dperm = 775;
> fperm = 770;
> }
> }
> cpu {
> cpu.shares = 5120;
> }
> }
>
> cd /cgroup/cpuctl/devel/
> ls -la
> drwxrwxr-x 2 root cgroup 0 May 19 16:42 .
> drwxr-xr-x 4 root root 0 May 19 16:14 ..
> -rw-rw---- 1 root cgroup 0 May 19 16:42 cgroup.clone_children
> --w--w---- 1 root cgroup 0 May 19 16:42 cgroup.event_control
> -r--r----- 1 root cgroup 0 May 19 16:42 cgroup.procs
> -rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.rt_period_us
> -rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.rt_runtime_us
> -rw-rw---- 1 root cgroup 0 May 19 16:42 cpu.shares
> -rw-rw---- 1 root cgroup 0 May 19 16:42 notify_on_release
> -rw-rw---- 1 root cgroup 0 May 19 16:42 tasks
>
> Signed-off-by: Michal Hocko <[email protected]>
> ---
> src/api.c | 38 +++++++++++++++++++++++++++++++-------
> 1 files changed, 31 insertions(+), 7 deletions(-)
>
> diff --git a/src/api.c b/src/api.c
> index 6f007f1..311db8d 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -175,12 +175,40 @@ static int cg_chown_recursive(char **path, uid_t owner,
> gid_t group)
> return ret;
> }
>
> +int cg_chmod_path(const char *path, mode_t mode)
> +{
> + struct stat buf;
> + mode_t umask, gmask, omask;
> +
> + /*
> + * Use owner permissions as an umask for group and others permissions
> + * because we trust kernel to initialize owner permissions to
> + * something useful.
> + */
> + if (stat(path, &buf) == -1)
> + goto fail;
> + umask = S_IRWXU & buf.st_mode;
> + gmask = umask >> 3;
> + omask = gmask >> 3;
> +
> + if (chmod(path, mode & (umask|gmask|omask)))
> + goto fail;
> +
> + return 0;
> +
> +fail:
> + last_errno = errno;
> + return ECGOTHER;
> +}
> +
> int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode,
> int dirm_change, mode_t file_mode, int filem_change)
> {
> int ret = 0;
> const char *filename = fts->fts_path;
> +
> cgroup_dbg("chmod: seeing file %s\n", filename);
> +
> switch (ent->fts_info) {
> case FTS_ERR:
> errno = ent->fts_errno;
> @@ -190,20 +218,16 @@ int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t
> dir_mode,
> case FTS_DNR:
> case FTS_DP:
> if (dirm_change)
> - ret = chmod(filename, dir_mode);
> + ret = cg_chmod_path(filename, dir_mode);
> break;
> case FTS_F:
> case FTS_NSOK:
> case FTS_NS:
> case FTS_DEFAULT:
> if (filem_change)
> - ret = chmod(filename, file_mode);
> + ret = cg_chmod_path(filename, file_mode);
> break;
> }
> - if (ret < 0) {
> - last_errno = errno;
> - ret = ECGOTHER;
> - }
> return ret;
> }
>
> @@ -1508,7 +1532,7 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int
> ignore_ownership)
> error = chown(path, cgroup->tasks_uid,
> cgroup->tasks_gid);
> if (!error && cgroup->task_fperm != -1U)
> - error = chmod(path, cgroup->task_fperm);
> + error = cg_chmod_path(path, cgroup->task_fperm);
>
> if (error) {
> last_errno = errno;
'error' returning from cg_chmod_path() is already ECGsomething, don't
update last_errno here! But mind chown() above...
------------------------------------------------------------------------------
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its
next-generation tools to help Windows* and Linux* C/C++ and Fortran
developers boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
