Based on cgcreate arguments, cgconfigparser now has command line arguments
to set default permissions of groups and files created by it.
Signed-off-by: Jan Safranek <jsafr...@redhat.com>
---
doc/man/cgconfigparser.8 | 30 ++++++++++++++++++++
src/tools/cgconfig.c | 69 +++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 97 insertions(+), 2 deletions(-)
diff --git a/doc/man/cgconfigparser.8 b/doc/man/cgconfigparser.8
index fdd6956..906b472 100644
--- a/doc/man/cgconfigparser.8
+++ b/doc/man/cgconfigparser.8
@@ -22,11 +22,41 @@ mount points defined by the configuration file.
The format of the file is described in
\fBcgconfig.conf\fR. This option can be used multiple times and can be mixed
with \fB-L\fR option.
+
.TP
.B -L, --load-directory=DIR
Finds all files in given directory and parses them in alphabetical order
like they were specified by \fB-l\fR option. This option can be used
multiple times and can be mixed with \fB-l\fR option.
+
+.TP
+.B -a <agid>:<auid>
+defines the default owner of the
+rest of the defined control group’s files. These users are
+allowed to set subsystem parameters and create subgroups.
+The default value is the same as has the parent cgroup.
+
+.TP
+.B -d, --dperm=mode
+sets the default permissions of a control groups directory.
+The permissions needs to be specified as octal numbers e.g.
+\fB-d 775\fR.
+
+.TP
+.B -f, --fperm=mode
+sets the default permissions of the control groups and tasks files.
+The permissions needs to be specified as octal numbers e.g.
+\fB-f 775\fR.
+The value is not used as given because the current owner's
+permissions are used as an umask (so 777 will set group and
+others permissions to the owners permissions).
+
+.TP
+.B -t <tuid>:<tgid>
+defines the default owner of tasks file of the defined control
+group. I.e. this user and members
+of this group have write access to the file.
+
.LP
.SH SEE ALSO
diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
index cc2a633..e6c7300 100644
--- a/src/tools/cgconfig.c
+++ b/src/tools/cgconfig.c
@@ -35,7 +35,6 @@
static struct cgroup_string_list cfg_files;
-
static void usage(char *progname)
{
printf("Usage: %s [-l FILE] ...\n", basename(progname));
@@ -46,6 +45,14 @@ static void usage(char *progname)
" configuration file\n");
printf(" -L, --load-directory=DIR Parse and load the cgroups"\
" configuration files from a directory\n");
+ printf(" -a <tuid>:<tgid> Default owner of groups files"\
+ " and directories\n");
+ printf(" -d, --dperm mode Default group directory"\
+ " permissions\n");
+ printf(" -f, --fperm mode Default group file"\
+ " permissions\n");
+ printf(" -t <tuid>:<tgid> Default owner of the tasks "
+ "file");
exit(2);
}
@@ -57,15 +64,27 @@ int main(int argc, char *argv[])
{"help", 0, 0, 'h'},
{"load", 1, 0, 'l'},
{"load-directory", 1, 0, 'L'},
+ {"task", required_argument, NULL, 't'},
+ {"admin", required_argument, NULL, 'a'},
+ {"dperm", required_argument, NULL, 'd'},
+ {"fperm", required_argument, NULL, 'f' },
{0, 0, 0, 0}
};
+ uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
+ gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
+ mode_t dir_mode = 0;
+ mode_t file_mode = 0;
+ int dirm_change = 0;
+ int filem_change = 0;
+ struct cgroup *default_group = NULL;
if (argc < 2)
usage(argv[0]); /* usage() exits */
ret = cgroup_string_list_init(&cfg_files, argc/2);
- while ((c = getopt_long(argc, argv, "hl:L:", options, NULL)) > 0) {
+ while ((c = getopt_long(argc, argv, "hl:L:t:a:d:f:", options,
+ NULL)) > 0) {
switch (c) {
case 'h':
usage(argv[0]);
@@ -82,12 +101,56 @@ int main(int argc, char *argv[])
cgroup_string_list_add_directory(&cfg_files, optarg,
argv[0]);
break;
+ case 'a':
+ /* set admin uid/gid */
+ if (parse_uid_gid(optarg, &auid, &agid, argv[0]))
+ goto err;
+ break;
+ case 't':
+ /* set task uid/gid */
+ if (parse_uid_gid(optarg, &tuid, &tgid, argv[0]))
+ goto err;
+ break;
+ case 'd':
+ dirm_change = 1;
+ ret = parse_mode(optarg, &dir_mode, argv[0]);
+ break;
+ case 'f':
+ filem_change = 1;
+ ret = parse_mode(optarg, &file_mode, argv[0]);
+ break;
default:
usage(argv[0]);
break;
}
}
+ /* set default permissions */
+ default_group = cgroup_new_cgroup("default");
+ if (!default_group) {
+ fprintf(stderr, "%s: cannot create default cgroup\n", argv[0]);
+ goto err;
+ }
+
+ error = cgroup_set_uid_gid(default_group, tuid, tgid, auid, agid);
+ if (error) {
+ fprintf(stderr, "%s: cannot set default UID and GID: %s\n",
+ argv[0], cgroup_strerror(ret));
+ goto err;
+ }
+
+ if (dirm_change + filem_change > 0) {
+ cgroup_set_permissions(default_group, dir_mode, file_mode,
+ file_mode);
+ }
+
+ error = cgroup_config_set_default(default_group);
+ if (error) {
+ fprintf(stderr, "%s: cannot set config parser defaults: %s\n",
+ argv[0], cgroup_strerror(ret));
+ goto err;
+ }
+
for (i = 0; i < cfg_files.count; i++) {
ret = cgroup_config_load_config(cfg_files.items[i]);
if (ret) {
@@ -99,6 +162,8 @@ int main(int argc, char *argv[])
}
}
+err:
+ cgroup_free(&default_group);
cgroup_string_list_free(&cfg_files);
return error;
}
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
