On Wed, Nov 23, 2011 at 7:00 PM, Jan Safranek <jsafr...@redhat.com> wrote:
> Group control or task file owner should have UID/GID set to NO_UID_GID to
> distinguish permissions which were set in config file from undefined
> values. In the end, NO_UID_GID is translated to UID/GID 0, so users
> won't see any difference.
>

Could you give some justification for what this gains us?

> Signed-off-by: Jan Safranek <jsafr...@redhat.com>
> ---
>
>  include/libcgroup/groups.h |    5 +++++
>  src/api.c                  |   12 ++++++++++--
>  src/wrapper.c              |    2 ++
>  3 files changed, 17 insertions(+), 2 deletions(-)
>
> diff --git a/include/libcgroup/groups.h b/include/libcgroup/groups.h
> index f375a82..39596a1 100644
> --- a/include/libcgroup/groups.h
> +++ b/include/libcgroup/groups.h
> @@ -122,6 +122,11 @@ struct cgroup_controller;
>  #define NO_PERMS (-1U)
>
>  /**
> + * Uninitialized UID/GID used for task/control files.
> + */
> +#define NO_UID_GID (-1U)
> +

hmm. I am not very sure I like this so much, but it is highly unlikely
we will get a UID/GID value of 4294967295

> +/**
>  * Allocate new cgroup structure. This function itself does not create new
>  * control group in kernel, only new <tt>struct cgroup</tt> inside libcgroup!
>  *
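Review bot: The doc comment for `NO_UID_GID` does not tell users of this public header what the library does with the value. Per the commit message and `cg_chown()` in src/api.c, an owner or group left at `NO_UID_GID` is applied as UID/GID 0, i.e. root. I would say so here, e.g. `* Uninitialized UID/GID used for task/control files; applied as UID/GID 0 when ownership is set.`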
> diff --git a/src/api.c b/src/api.c
> index d3aaa45..0c55f1a 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -122,6 +122,14 @@ const char const *cgroup_strerror_codes[] = {
>
>  static const char const *cgroup_ignored_tasks_files[] = { "tasks", NULL };
>
> +static int cg_chown(const char *filename, uid_t owner, gid_t group)
> +{
> +       if (owner == NO_UID_GID)
> +               owner = 0;
> +       if (group == NO_UID_GID)
> +               group = 0;
> +       return chown(filename, owner, group);
> +}
>  static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group)
>  {
>        int ret = 0;
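Review bot: `cg_chown()` has no comment explaining why an unset owner or group becomes 0, and the choice is not obvious: `chown(2)` itself treats an ID of -1 as "leave unchanged", so passing `NO_UID_GID` straight through would behave differently from what this helper does. A one-line comment above the function would record that the root default is deliberate, e.g. `/* Unset owner/group (NO_UID_GID) is applied as 0 (root), not as chown(2)'s "no change" -1. */`. The comparisons also rely on `uid_t`/`gid_t` having the width of `unsigned int`, since the macro is `(-1U)`; comparing against `(uid_t)-1` and `(gid_t)-1` would not depend on that. A blank line between `cg_chown()` and `cg_chown_file()` is missing as well.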
> @@ -139,7 +147,7 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t 
> owner, gid_t group)
>        case FTS_DP:
>        case FTS_F:
>        case FTS_DEFAULT:
> -               ret = chown(filename, owner, group);
> +               ret = cg_chown(filename, owner, group);
>                break;
>        }
>        if (ret < 0) {
> @@ -1613,7 +1621,7 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int 
> ignore_ownership)
>                                error = ECGOTHER;
>                                goto err;
>                        }
> -                       error = chown(path, cgroup->tasks_uid,
> +                       error = cg_chown(path, cgroup->tasks_uid,
>                                                        cgroup->tasks_gid);
>                        if (!error && cgroup->task_fperm != NO_PERMS)
>                                error = cg_chmod_path(path, cgroup->task_fperm,
> diff --git a/src/wrapper.c b/src/wrapper.c
> index 95be969..50b8013 100644
> --- a/src/wrapper.c
> +++ b/src/wrapper.c
> @@ -29,6 +29,8 @@
>  static void init_cgroup(struct cgroup *cgroup)
>  {
>        cgroup->task_fperm = cgroup->control_fperm = cgroup->control_dperm = 
> NO_PERMS;
> +       cgroup->control_gid = cgroup->control_uid = cgroup->tasks_gid =
> +                       cgroup->tasks_uid = NO_UID_GID;
>  }
>
>  void init_cgroup_table(struct cgroup *cgroups, size_t count)
>
