We cannot set up file or directory permissions in the configuration
file (/etc/cgconfig.conf), although we can do this with the available tools.
This patch adds two new options, fperm and dperm.
The task section supports only fperm, because there are no directories
involved, while the admin section supports both of them.

Example:
/etc/cgconfig.conf:
mount {
        cpu = /dev/cpuctl;
}
group devel {
        perm {
                task {
                        uid = root;
                        gid = cgroup;
                        fperm = 660;
                }
                admin {
                        uid = root;
                        gid = cgroup;
                        dperm = 775;
                }
        }
        cpu {
                cpu.shares = 5120;
        }
}

$ tools/cgconfigparser -l /etc/cgconfig.conf
$ ls -la /dev/cpuctl/devel/
total 0
drwxrwxr-x 2 root cgroup 0 May 13 15:22 .
drwxr-xr-x 3 root root   0 May 13 15:22 ..
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children
--w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control
-r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares
-rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release
-rw-rw---- 1 root cgroup 0 May 13 15:22 tasks

This patch enhances parser callbacks to initialize cgroup->task_fperm
and cgroup->control_[fd]perm and forces chmod at general
cgroup_create_cgroup level. This is safe because everybody who uses
cgroup has those values initialized to -1 unless they are set and then
they should be used.

Signed-off-by: Michal Hocko <mho...@suse.cz>
---
 src/api.c    |   11 +++++++++++
 src/config.c |   24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/src/api.c b/src/api.c
index 53c76e8..eb9f902 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1456,6 +1456,13 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int 
ignore_ownership)
                        cgroup_dbg("Changing ownership of %s\n", fts_path[0]);
                        error = cg_chown_recursive(fts_path,
                                cgroup->control_uid, cgroup->control_gid);
+                       if (!error) {
+                               error = cg_chmod_recursive(cgroup,
+                                               cgroup->control_dperm,
+                                               cgroup->control_dperm != 
NO_PERMS,
+                                               cgroup->control_fperm,
+                                               cgroup->control_fperm != 
NO_PERMS);
+                       }
                }
 
                if (error)
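Review bot: The added cg_chmod_recursive() call sits in the same block as cg_chown_recursive(), so a caller that passes ignore_ownership appears to get no fperm/dperm applied at all, even when the configuration sets them. The enclosing condition is outside this hunk, so this needs confirming against the full function. If the coupling is intended, say so next to the call, e.g. `/* modes are applied only together with ownership; skipped when ownership is ignored */`. Otherwise the chmod should move out of the ownership branch so that a restrictive mode from the configuration is never silently dropped.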
@@ -1502,11 +1509,15 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int 
ignore_ownership)
                        }
                        error = chown(path, cgroup->tasks_uid,
                                                        cgroup->tasks_gid);
+                       if (!error && cgroup->task_fperm != NO_PERMS)
+                               error = chmod(path, cgroup->task_fperm);
+
                        if (error) {
                                last_errno = errno;
                                error = ECGOTHER;
                                goto err;
                        }
+
                }
                free(base);
                base = NULL;
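Review bot: The interaction between the two chmod steps is undocumented. The recursive chmod added earlier in cgroup_create_cgroup() presumably applies control_fperm to the tasks file as well, and `chmod(path, cgroup->task_fperm)` here overrides it only when task_fperm is set. A configuration with a permissive admin fperm and no task fperm would then leave that mode on tasks, which decides who may move processes into the group. A comment above the added lines would make the precedence explicit, e.g. `/* tasks gets its own mode; with task_fperm == NO_PERMS it keeps whatever control_fperm left on it */`. The function body starts and ends outside this hunk.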
diff --git a/src/config.c b/src/config.c
index 4f5d04a..5c57eee 100644
--- a/src/config.c
+++ b/src/config.c
@@ -236,6 +236,14 @@ int cgroup_config_group_task_perm(char *perm_type, char 
*value)
                config_cgroup->tasks_gid = val;
        }
 
+       if(!strcmp(perm_type, "fperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto group_task_error;
+               config_cgroup->task_fperm = val;
+       }
+
        free(perm_type);
        free(value);
        return 1;
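Review bot: The `if (*endptr)` test after strtol() accepts an empty value and any out-of-range number. An empty string leaves endptr at value and is stored as mode 0, and negative or oversized values go unchanged into task_fperm and later into chmod(). A negative value could also collide with the NO_PERMS sentinel, which the description suggests is -1. Tightening the check to `if (endptr == value || *endptr || val < 0 || val > 07777) goto group_task_error;` rejects all of these; whether set-id and sticky bits should be allowed at all (limit `0777`) is a policy choice worth stating in the documentation. The fperm and dperm branches added to cgroup_config_group_admin_perm in the next hunk need the same check; val is declared outside this hunk.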
@@ -302,6 +310,22 @@ int cgroup_config_group_admin_perm(char *perm_type, char 
*value)
                config_cgroup->control_gid = val;
        }
 
+       if(!strcmp(perm_type, "fperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto admin_error;
+               config_cgroup->control_fperm = val;
+       }
+
+       if(!strcmp(perm_type, "dperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto admin_error;
+               config_cgroup->control_dperm = val;
+       }
+
        free(perm_type);
        free(value);
        return 1;
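Review bot: The octal-parse block is now written out three times, twice in this hunk and once in cgroup_config_group_task_perm, so any change to how a mode string is validated has to be made in three places. A small static helper in config.c would keep parsing and range checking in one spot and leave each branch with just the assignment. The sketch below uses a local `long` because the type of val is not visible in the hunk; the dperm branch and the task fperm branch would follow the same shape.

```c
/* Parse an octal permission string; returns 0 on success, -1 on bad input. */
static int parse_octal_perm(const char *value, long *mode)
{
	char *endptr;

	*mode = strtol(value, &endptr, 8);
	if (endptr == value || *endptr || *mode < 0 || *mode > 07777)
		return -1;
	return 0;
}

	/* … unchanged: uid/gid handling in cgroup_config_group_admin_perm … */
	if (!strcmp(perm_type, "fperm")) {
		long mode;

		if (parse_octal_perm(value, &mode))
			goto admin_error;
		config_cgroup->control_fperm = mode;
	}
	/* … dperm branch: same pattern, assigning control_dperm … */
```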
-- 
1.7.4.4


