We cannot set up file or directory permissions in the configuration file
(/etc/cgconfig.conf), although we can do this with the available tools.
This patch adds two new options, fperm and dperm.
The task section supports only fperm, because there are no directories
involved, while the admin section supports both of them.

Example:
/etc/cgconfig.conf:
mount {
        cpu = /dev/cpuctl;
}
group devel {
        perm {
                task {
                        uid = root;
                        gid = cgroup;
                        fperm = 660;
                }
                admin {
                        uid = root;
                        gid = cgroup;
                        dperm = 775;
                }
        }
        cpu {
                cpu.shares = 5120;
        }
}

$ tools/cgconfigparser -l /etc/cgconfig.conf
$ ls -la /dev/cpuctl/devel/
total 0
drwxrwxr-x 2 root cgroup 0 May 13 15:22 .
drwxr-xr-x 3 root root   0 May 13 15:22 ..
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children
--w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control
-r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares
-rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release
-rw-rw---- 1 root cgroup 0 May 13 15:22 tasks

This patch enhances parser callbacks to initialize cgroup->task_fperm
and cgroup->control_[fd]perm and forces chmod at general
cgroup_create_cgroup level. This is safe because everybody who uses
cgroup has those values initialized to -1 unless they are set and then
they should be used.

Signed-off-by: Michal Hocko <mho...@suse.cz>
---
 src/api.c    |   11 +++++++++++
 src/config.c |   24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 0 deletions(-)

diff --git a/src/api.c b/src/api.c
index f295102..23772f3 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1475,6 +1475,13 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int 
ignore_ownership)
                        cgroup_dbg("Changing ownership of %s\n", fts_path[0]);
                        error = cg_chown_recursive(fts_path,
                                cgroup->control_uid, cgroup->control_gid);
+                       if (!error) {
+                               error = 
cg_chmod_recursive_controller(fts_path[0],
+                                                               
cgroup->control_dperm,
+                                                               
cgroup->control_dperm != NO_PERMS,
+                                                               
cgroup->control_fperm,
+                                                               
cgroup->control_fperm != NO_PERMS);
+                       }
                }
 
                if (error)
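Review bot: The new `cg_chmod_recursive_controller()` call sits inside the same block as `cg_chown_recursive()`, so if that block is the `ignore_ownership` guard (its condition is outside the hunk), a configured `dperm`/`fperm` is silently skipped whenever the ownership change is skipped. If that is intended, say so in a comment above the call, for example `/* modes are applied only together with ownership; NO_PERMS leaves a mode untouched */`; otherwise the chmod belongs outside the block. A matching `cgroup_dbg("Changing permissions of %s\n", fts_path[0]);` would keep the debug trace consistent with the chown line above. The enclosing function starts and ends outside the hunk.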
@@ -1521,11 +1528,15 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int 
ignore_ownership)
                        }
                        error = chown(path, cgroup->tasks_uid,
                                                        cgroup->tasks_gid);
+                       if (!error && cgroup->task_fperm != NO_PERMS)
+                               error = chmod(path, cgroup->task_fperm);
+
                        if (error) {
                                last_errno = errno;
                                error = ECGOTHER;
                                goto err;
                        }
+
                }
                free(base);
                base = NULL;
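Review bot: The blank line added just before the closing brace of this block, after the `goto err` branch, is stray whitespace and should be dropped from the patch. The new check would also benefit from a one-line comment such as `/* chmod the tasks file only when fperm was set; NO_PERMS keeps the default mode */`, because the meaning of the sentinel is not visible at this call site. The enclosing function starts and ends outside the hunk.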
diff --git a/src/config.c b/src/config.c
index 83ef633..5847fe6 100644
--- a/src/config.c
+++ b/src/config.c
@@ -236,6 +236,14 @@ int cgroup_config_group_task_perm(char *perm_type, char 
*value)
                config_cgroup->tasks_gid = val;
        }
 
+       if(!strcmp(perm_type, "fperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto group_task_error;
+               config_cgroup->task_fperm = val;
+       }
+
        free(perm_type);
        free(value);
        return 1;
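Review bot: The new `strtol(value, &endptr, 8)` block for `fperm` accepts more than a valid mode, and the same holds for the `fperm` and `dperm` blocks added to `cgroup_config_group_admin_perm` in the next hunk. An empty value parses as 0, a negative value such as `-1` is stored as-is (which would collide with the unset sentinel if NO_PERMS is the -1 the description mentions), and anything above 07777 passes the `*endptr` test. Because the stored value is later handed to `chmod()` on cgroup files and directories, tighten the test to something like `if (endptr == value || *endptr || val < 0 || val > 07777) goto group_task_error;`, with `admin_error` in the other function and 0777 as the bound if setuid/setgid/sticky bits are not meant to be configurable. The block is repeated three times, so a small static helper would keep the validation in one place, and `if(` should be `if (` to match the surrounding lines. `val` and the error labels are declared outside the hunk.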
@@ -302,6 +310,22 @@ int cgroup_config_group_admin_perm(char *perm_type, char 
*value)
                config_cgroup->control_gid = val;
        }
 
+       if(!strcmp(perm_type, "fperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto admin_error;
+               config_cgroup->control_fperm = val;
+       }
+
+       if(!strcmp(perm_type, "dperm")) {
+               char *endptr;
+               val = strtol(value, &endptr, 8);
+               if (*endptr)
+                       goto admin_error;
+               config_cgroup->control_dperm = val;
+       }
+
        free(perm_type);
        free(value);
        return 1;
-- 
1.7.5.3


