On Wed, Nov 23, 2011 at 7:00 PM, Jan Safranek <jsafr...@redhat.com> wrote: > With cgroup_config_set_default() can an application set default permissions > of groups and files created by cgroup_config_load_config(). See the > documentation of the function. > > Signed-off-by: Jan Safranek <jsafr...@redhat.com> > --- > > include/libcgroup/config.h | 18 ++++++++++++++++++ > src/config.c | 27 +++++++++++++++++++++++++-- > src/libcgroup.map | 1 + > 3 files changed, 44 insertions(+), 2 deletions(-) > > diff --git a/include/libcgroup/config.h b/include/libcgroup/config.h > index 4cf5ce0..2dfdd32 100644 > --- a/include/libcgroup/config.h > +++ b/include/libcgroup/config.h > @@ -56,6 +56,24 @@ int cgroup_unload_cgroups(void); > int cgroup_config_unload_config(const char *pathname, int flags); > > /** > + * Sets default permissions of groups created by subsequent > + * cgroup_config_load_config() calls. If a config file contains a 'default > {}' > + * section, the default permissions from the config file is then used. > + * > + * Use cgroup_new_cgroup() to create a dummy group and cgroup_set_uid_gid() > and > + * cgroup_set_permissions() to set its permissions. Use NO_UID_GID instead of > + * GID/UID and NO_PERMS instead of file/directory permissions to let kernel > + * decide the default permissions where you don't want specific user and/or > + * permissions. Kernel then uses current user/group and permissions from > umask > + * then. > + * > + * @param new_default New default permissions from this group are copied to > + * libcgroup internal structures. I.e., this group can be freed immediatelly > + * after this function returns. > + */ > +int cgroup_config_set_default(struct cgroup *new_default); > + > +/** > * @} > * @} > */ > diff --git a/src/config.c b/src/config.c > index 18c6f55..451ce40 100644 > --- a/src/config.c > +++ b/src/config.c 
> @@ -50,6 +50,7 @@ extern FILE *yyin; > extern int yyparse(void); > > static struct cgroup default_group; > +static int default_group_set = 0; > > /* > * The basic global data structures. > @@ -803,8 +804,11 @@ static int cgroup_parse_config(const char *pathname) > config_table_index = 0; > namespace_table_index = 0; > cgroup_table_index = 0; > - /* init the default cgroup */ > - init_cgroup_table(&default_group, 1); > + > + if (!default_group_set) { > + /* init the default cgroup */ > + init_cgroup_table(&default_group, 1); > + } > > /* > * Parser calls longjmp() on really fatal error (like out-of-memory). > @@ -1169,3 +1173,22 @@ int cgroup_config_define_default(void) > init_cgroup_table(config_cgroup, 1); > return 0; > } > + > +int cgroup_config_set_default(struct cgroup *new_default) > +{ > + if (!new_default) > + return ECGINVAL; > + > + init_cgroup_table(&default_group, 1); > + > + default_group.control_dperm = new_default->control_dperm; > + default_group.control_fperm = new_default->control_fperm; > + default_group.control_gid = new_default->control_gid; > + default_group.control_uid = new_default->control_uid; > + default_group.task_fperm = new_default->task_fperm; > + default_group.tasks_gid = new_default->tasks_gid; > + default_group.tasks_uid = new_default->tasks_uid; > + default_group_set = 1; > + > + return 0; > +} > diff --git a/src/libcgroup.map b/src/libcgroup.map > index 7a0927e..e73dd6e 100644 > --- a/src/libcgroup.map > +++ b/src/libcgroup.map > @@ -103,4 +103,5 @@ CGROUP_0.38 { > cgroup_get_subsys_mount_point_end; > cgroup_set_permissions; > cgroup_config_unload_config; > + cgroup_config_set_default; > } CGROUP_0.37;
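Review bot: the new doc comment for cgroup_config_set_default() in include/libcgroup/config.h has no @return line, so a caller cannot tell from the header that a NULL argument returns ECGINVAL and success returns 0; please add one. Wording in the same comment: "the default permissions from the config file is then used" should read "are then used", "immediatelly" is misspelled, and the sentence ending "from umask then" repeats "then". The function only reads its argument, so the prototype could take const struct cgroup *new_default.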
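Review bot: in the cgroup_parse_config() hunk of src/config.c, skipping init_cgroup_table(&default_group, 1) whenever default_group_set is non-zero means default_group is never reset between loads once the application has set defaults. If parsing a 'default {}' section writes into default_group (that code is not part of this patch), the owner and permissions from one config file would carry over to a later file that has no such section, replacing the defaults the application asked for. Consider keeping the application's values in a separate static copy and restoring default_group from it here on every parse.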
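Review bot: cgroup_config_set_default() at the end of src/config.c sets default_group_set = 1 and nothing in this patch ever clears it, so an application has no way to go back to the library's built-in defaults short of passing a group filled with NO_UID_GID and NO_PERMS; either accept NULL as "reset" or document the workaround. The function also writes the file-scope default_group and default_group_set without any locking, so if cgroup_config_load_config() may run concurrently on another thread the parser can observe a half-copied set of uid, gid and permission fields; take the lock the config code already uses, if there is one, or state in the header that callers must serialize these calls.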
We need to plan out a 0.38 release sometime soon.

_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel