On Wed, Nov 23, 2011 at 7:01 PM, Jan Safranek <[email protected]> wrote:
> Based on cgcreate arguments, cgconfigparser now has command line arguments
> to set default permissions of groups and files created by it.
>
> Signed-off-by: Jan Safranek <[email protected]>
> ---
>
> doc/man/cgconfigparser.8 | 30 ++++++++++++++++++++
> src/tools/cgconfig.c | 69
> +++++++++++++++++++++++++++++++++++++++++++++-
> 2 files changed, 97 insertions(+), 2 deletions(-)
>
> diff --git a/doc/man/cgconfigparser.8 b/doc/man/cgconfigparser.8
> index fdd6956..906b472 100644
> --- a/doc/man/cgconfigparser.8
> +++ b/doc/man/cgconfigparser.8
> @@ -22,11 +22,41 @@ mount points defined by the configuration file.
> The format of the file is described in
> \fBcgconfig.conf\fR. This option can be used multiple times and can be mixed
> with \fB-L\fR option.
> +
> .TP
> .B -L, --load-directory=DIR
> Finds all files in given directory and parses them in alphabetical order
> like they were specified by \fB-l\fR option. This option can be used
> multiple times and can be mixed with \fB-l\fR option.
> +
> +.TP
> +.B -a <agid>:<auid>
> +defines the default owner of the
> +rest of the defined control group’s files. These users are
> +allowed to set subsystem parameters and create subgroups.
> +The default value is the same as has the parent cgroup.
> +
> +.TP
> +.B -d, --dperm=mode
> +sets the default permissions of a control groups directory.
> +The permissions needs to be specified as octal numbers e.g.
> +\fB-d 775\fR.
> +
> +.TP
> +.B -f, --fperm=mode
> +sets the default permissions of the control groups and tasks files.
> +The permissions needs to be specified as octal numbers e.g.
> +\fB-f 775\fR.
> +The value is not used as given because the current owner's
> +permissions are used as an umask (so 777 will set group and
> +others permissions to the owners permissions).
> +
> +.TP
> +.B -t <tuid>:<tgid>
> +defines the default owner of tasks file of the defined control
> +group. I.e. this user and members
> +of this group have write access to the file.
> +
> .LP
>
> .SH SEE ALSO
> diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
> index cc2a633..e6c7300 100644
> --- a/src/tools/cgconfig.c
> +++ b/src/tools/cgconfig.c
> @@ -35,7 +35,6 @@
>
> static struct cgroup_string_list cfg_files;
>
> -
> static void usage(char *progname)
> {
> printf("Usage: %s [-l FILE] ...\n", basename(progname));
> @@ -46,6 +45,14 @@ static void usage(char *progname)
> " configuration file\n");
> printf(" -L, --load-directory=DIR Parse and load the cgroups"\
> " configuration files from a directory\n");
> + printf(" -a <tuid>:<tgid> Default owner of groups
> files"\
> + " and directories\n");
no long form here?
> + printf(" -d, --dperm mode Default group directory"\
> + " permissions\n");
> + printf(" -f, --fperm mode Default group file"\
> + " permissions\n");
> + printf(" -t <tuid>:<tgid> Default owner of the tasks "
> + "file");
I am starting to feel we are having way too many options now, but
cannot think of a better solution
> exit(2);
> }
>
> @@ -57,15 +64,27 @@ int main(int argc, char *argv[])
> {"help", 0, 0, 'h'},
> {"load", 1, 0, 'l'},
> {"load-directory", 1, 0, 'L'},
> + {"task", required_argument, NULL, 't'},
> + {"admin", required_argument, NULL, 'a'},
> + {"dperm", required_argument, NULL, 'd'},
> + {"fperm", required_argument, NULL, 'f' },
> {0, 0, 0, 0}
> };
> + uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
> + gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
> + mode_t dir_mode = 0;
> + mode_t file_mode = 0;
> + int dirm_change = 0;
> + int filem_change = 0;
> + struct cgroup *default_group = NULL;
>
> if (argc < 2)
> usage(argv[0]); /* usage() exits */
>
> ret = cgroup_string_list_init(&cfg_files, argc/2);
>
> - while ((c = getopt_long(argc, argv, "hl:L:", options, NULL)) > 0) {
> + while ((c = getopt_long(argc, argv, "hl:L:t:a:d:f:", options,
> + NULL)) > 0) {
> switch (c) {
> case 'h':
> usage(argv[0]);
> @@ -82,12 +101,56 @@ int main(int argc, char *argv[])
> cgroup_string_list_add_directory(&cfg_files, optarg,
> argv[0]);
> break;
> + case 'a':
> + /* set admin uid/gid */
> + if (parse_uid_gid(optarg, &auid, &agid, argv[0]))
> + goto err;
> + break;
> + case 't':
> + /* set task uid/gid */
> + if (parse_uid_gid(optarg, &tuid, &tgid, argv[0]))
> + goto err;
> + break;
> + case 'd':
> + dirm_change = 1;
> + ret = parse_mode(optarg, &dir_mode, argv[0]);
> + break;
> + case 'f':
> + filem_change = 1;
> + ret = parse_mode(optarg, &file_mode, argv[0]);
> + break;
> default:
> usage(argv[0]);
> break;
> }
> }
>
> + /* set default permissions */
> + default_group = cgroup_new_cgroup("default");
> + if (!default_group) {
> + fprintf(stderr, "%s: cannot create default cgroup\n",
> argv[0]);
> + goto err;
> + }
> +
> + error = cgroup_set_uid_gid(default_group, tuid, tgid, auid, agid);
> + if (error) {
> + fprintf(stderr, "%s: cannot set default UID and GID: %s\n",
> + argv[0], cgroup_strerror(ret));
> + goto err;
> + }
> +
> + if (dirm_change + filem_change > 0) {
why is this better than
if (dirm_change | filem_change) ?
> + cgroup_set_permissions(default_group, dir_mode, file_mode,
> + file_mode);
> + }
> +
> + error = cgroup_config_set_default(default_group);
> + if (error) {
> + fprintf(stderr, "%s: cannot set config parser defaults: %s\n",
> + argv[0], cgroup_strerror(ret));
> + goto err;
> + }
> +
> for (i = 0; i < cfg_files.count; i++) {
> ret = cgroup_config_load_config(cfg_files.items[i]);
> if (ret) {
> @@ -99,6 +162,8 @@ int main(int argc, char *argv[])
> }
> }
>
> +err:
> + cgroup_free(&default_group);
> cgroup_string_list_free(&cfg_files);
> return error;
> }
>
looks sane otherwise
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
