On 06/07/2011 02:32 PM, Michal Hocko wrote:
> We cannot setup file or directory permissions in (/etc/cgconfig.conf)
> configuration file while we can do this with available tools.
> This patch adds new two options fperm, dperm.
> Task section supports only fperm, because there are no directories
> involved while admin section supports both of them.
>
> Example:
> /etc/cgconfig.conf:
> mount {
> cpu = /dev/cpuctl;
> }
> group devel {
> perm {
> task {
> uid = root;
> gid = cgroup;
> fperm = 660;
> }
> admin {
> uid = root;
> gid = cgroup;
> dperm = 775;
> }
> }
> cpu {
> cpu.shares = 5120;
> }
> }
>
> $ tools/cgconfigparser -l /etc/cgconfig.conf
> $ ls -la /dev/cpuctl/devel/
> total 0
> drwxrwxr-x 2 root cgroup 0 May 13 15:22 .
> drwxr-xr-x 3 root root 0 May 13 15:22 ..
> -rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children
> --w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control
> -r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs
> -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us
> -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us
> -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares
> -rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release
> -rw-rw---- 1 root cgroup 0 May 13 15:22 tasks
>
> This patch enhances parser callbacks to initialize cgroup->task_fperm
> and cgroup->control_[fd]perm and forces chmod at general
> cgroup_create_cgroup level. This is safe because everybody who uses
> cgroup has those values initialized to -1 unless they are set and then
> they should be used.
>
> Signed-off-by: Michal Hocko <mho...@suse.cz>
Acked-By: Jan Safranek <jsafr...@redhat.com>
> ---
> src/api.c | 11 +++++++++++
> src/config.c | 24 ++++++++++++++++++++++++
> 2 files changed, 35 insertions(+), 0 deletions(-)
>
> diff --git a/src/api.c b/src/api.c
> index f295102..0f308af 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -1475,6 +1475,13 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int
> ignore_ownership)
> cgroup_dbg("Changing ownership of %s\n", fts_path[0]);
> error = cg_chown_recursive(fts_path,
> cgroup->control_uid, cgroup->control_gid);
> + if (!error) {
> + error =
> cg_chmod_recursive_controller(fts_path[0],
> + cgroup->control_dperm,
> + cgroup->control_dperm !=
> NO_PERMS,
> + cgroup->control_fperm,
> + cgroup->control_fperm !=
> NO_PERMS);
> + }
> }
>
> if (error)
> @@ -1521,11 +1528,15 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int
> ignore_ownership)
> }
> error = chown(path, cgroup->tasks_uid,
> cgroup->tasks_gid);
> + if (!error && cgroup->task_fperm != NO_PERMS)
> + error = chmod(path, cgroup->task_fperm);
> +
> if (error) {
> last_errno = errno;
> error = ECGOTHER;
> goto err;
> }
> +
> }
> free(base);
> base = NULL;
> diff --git a/src/config.c b/src/config.c
> index 92d8227..3e67b4f 100644
> --- a/src/config.c
> +++ b/src/config.c
> @@ -234,6 +234,14 @@ int cgroup_config_group_task_perm(char *perm_type, char
> *value)
> config_cgroup->tasks_gid = val;
> }
>
> + if (!strcmp(perm_type, "fperm")) {
> + char *endptr;
> + val = strtol(value, &endptr, 8);
> + if (*endptr)
> + goto group_task_error;
> + config_cgroup->task_fperm = val;
> + }
> +
> free(perm_type);
> free(value);
> return 1;
> @@ -300,6 +308,22 @@ int cgroup_config_group_admin_perm(char *perm_type, char
> *value)
> config_cgroup->control_gid = val;
> }
>
> + if (!strcmp(perm_type, "fperm")) {
> + char *endptr;
> + val = strtol(value, &endptr, 8);
> + if (*endptr)
> + goto admin_error;
> + config_cgroup->control_fperm = val;
> + }
> +
> + if (!strcmp(perm_type, "dperm")) {
> + char *endptr;
> + val = strtol(value, &endptr, 8);
> + if (*endptr)
> + goto admin_error;
> + config_cgroup->control_dperm = val;
> + }
> +
> free(perm_type);
> free(value);
> return 1;
------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
