This is a third iteration RFC for permissions setting consolidation. It needs some cleanup (proper declaration of new API, documentation, etc.).
Currently we cannot specify permissions for subsystems files and directories in the configuration file while we can do that by cgcreate tool. The tool, however, changes permissions blindly without considering which of them make sense for particular files. One example is cgroup.event_control which is supposed to be write only. # cgcreate -a root:cgroup -f 775 -g cpu:foo foo# ls -l -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cgroup.clone_children -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cgroup.event_control -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cgroup.procs -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cpu.rt_period_us -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cpu.rt_runtime_us -rwxrwxr-x 1 root cgroup 0 May 19 11:17 cpu.shares -rwxrwxr-x 1 root cgroup 0 May 19 11:17 notify_on_release -rwxrwxr-x 1 root cgroup 0 May 19 11:17 tasks This patchset adds possibility to do the same thing as cgcreate in configuration file and changes the way how we set file permissions. Patch 1 is just preparatory and adds file/directory permissions fields into cgroup so that we can set them from the configuration. Patch 2 actually adds the file permissions handling into configuration. Patch 3 changes the way how we set file and directory permissions. As Jan suggested in the previous discussions we use owner file permissions as an umask for group and others permissions. Changes since v2: * introduced cg_owner_mask_chmod_recursive rather than change cg_chmod_recursive semantic * export cg_owner_mask_chmod_recursive into the public API correctly * got rid of hardcoded -1 for uninitialized permisions and use NO_PERMS constant instead. * dropped patch to change cg_chmod_recursive parameters because it changes ABI. Michal Hocko (3): Add file and directory permissions into cgroup cgconfig: enable setting file permissions chmod_file: Introduce intelligent file permissions setting include/libcgroup/groups.h | 26 ++++++++++++++ src/api.c | 80 ++++++++++++++++++++++++++++++++++++-------- src/config.c | 32 +++++++++++++++++ src/libcgroup-internal.h | 3 ++ src/libcgroup.map | 2 +- src/tools/cgcreate.c | 2 +- src/wrapper.c | 15 ++++++++- 7 files changed, 143 insertions(+), 17 deletions(-) -- 1.7.4.4 ------------------------------------------------------------------------------ vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 _______________________________________________ Libcg-devel mailing list Libcg-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/libcg-devel
