On 11/30/2011 12:35 PM, Dhaval Giani wrote:
> On Wed, Nov 23, 2011 at 7:01 PM, Jan Safranek <jsafr...@redhat.com> wrote:
>> Based on cgcreate arguments, cgconfigparser now has command line arguments
>> to set default permissions of groups and files created by it.
>>
>> Signed-off-by: Jan Safranek <jsafr...@redhat.com>
>> ---
>>
>> doc/man/cgconfigparser.8 | 30 ++++++++++++++++++++
>> src/tools/cgconfig.c | 69
>> +++++++++++++++++++++++++++++++++++++++++++++-
>> 2 files changed, 97 insertions(+), 2 deletions(-)
>>
>> diff --git a/doc/man/cgconfigparser.8 b/doc/man/cgconfigparser.8
>> index fdd6956..906b472 100644
>> --- a/doc/man/cgconfigparser.8
>> +++ b/doc/man/cgconfigparser.8
>> @@ -22,11 +22,41 @@ mount points defined by the configuration file.
>> The format of the file is described in
>> \fBcgconfig.conf\fR. This option can be used multiple times and can be mixed
>> with \fB-L\fR option.
>> +
>> .TP
>> .B -L, --load-directory=DIR
>> Finds all files in given directory and parses them in alphabetical order
>> like they were specified by \fB-l\fR option. This option can be used
>> multiple times and can be mixed with \fB-l\fR option.
>> +
>> +.TP
>> +.B -a <agid>:<auid>
>> +defines the default owner of the
>> +rest of the defined control group’s files. These users are
>> +allowed to set subsystem parameters and create subgroups.
>> +The default value is the same as has the parent cgroup.
>> +
>> +.TP
>> +.B -d, --dperm=mode
>> +sets the default permissions of a control groups directory.
>> +The permissions needs to be specified as octal numbers e.g.
>> +\fB-d 775\fR.
>> +
>> +.TP
>> +.B -f, --fperm=mode
>> +sets the default permissions of the control groups and tasks files.
>> +The permissions needs to be specified as octal numbers e.g.
>> +\fB-f 775\fR.
>> +The value is not used as given because the current owner's
>> +permissions are used as an umask (so 777 will set group and
>> +others permissions to the owners permissions).
>> +
>> +.TP
>> +.B -t <tuid>:<tgid>
>> +defines the default owner of tasks file of the defined control
>> +group. I.e. this user and members
>> +of this group have write access to the file.
>> +
>> .LP
>>
>> .SH SEE ALSO
>> diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
>> index cc2a633..e6c7300 100644
>> --- a/src/tools/cgconfig.c
>> +++ b/src/tools/cgconfig.c
>> @@ -35,7 +35,6 @@
>>
>> static struct cgroup_string_list cfg_files;
>>
>> -
>> static void usage(char *progname)
>> {
>> printf("Usage: %s [-l FILE] ...\n", basename(progname));
>> @@ -46,6 +45,14 @@ static void usage(char *progname)
>> " configuration file\n");
>> printf(" -L, --load-directory=DIR Parse and load the cgroups"\
>> " configuration files from a directory\n");
>> + printf(" -a <tuid>:<tgid> Default owner of groups
>> files"\
>> + " and directories\n");
>
> no long form here?
The options are taken from cgcreate... I might add long options both to
cgcreate and to cgconfig later.
>
>> + printf(" -d, --dperm mode Default group directory"\
>> + " permissions\n");
>> + printf(" -f, --fperm mode Default group file"\
>> + " permissions\n");
>> + printf(" -t <tuid>:<tgid> Default owner of the tasks "
>> + "file");
>
> I am starting to feel we are having way too many options now, but
> cannot think of a better solution
The options are taken from cgcreate, so we already had too many options.
This patch does not add anything new.
>> exit(2);
>> }
>>
>> @@ -57,15 +64,27 @@ int main(int argc, char *argv[])
>> {"help", 0, 0, 'h'},
>> {"load", 1, 0, 'l'},
>> {"load-directory", 1, 0, 'L'},
>> + {"task", required_argument, NULL, 't'},
>> + {"admin", required_argument, NULL, 'a'},
>> + {"dperm", required_argument, NULL, 'd'},
>> + {"fperm", required_argument, NULL, 'f' },
>> {0, 0, 0, 0}
>> };
>> + uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
>> + gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
>> + mode_t dir_mode = 0;
>> + mode_t file_mode = 0;
>> + int dirm_change = 0;
>> + int filem_change = 0;
>> + struct cgroup *default_group = NULL;
>>
>> if (argc < 2)
>> usage(argv[0]); /* usage() exits */
>>
>> ret = cgroup_string_list_init(&cfg_files, argc/2);
>>
>> - while ((c = getopt_long(argc, argv, "hl:L:", options, NULL)) > 0) {
>> + while ((c = getopt_long(argc, argv, "hl:L:t:a:d:f:", options,
>> + NULL)) > 0) {
>> switch (c) {
>> case 'h':
>> usage(argv[0]);
>> @@ -82,12 +101,56 @@ int main(int argc, char *argv[])
>> cgroup_string_list_add_directory(&cfg_files, optarg,
>> argv[0]);
>> break;
>> + case 'a':
>> + /* set admin uid/gid */
>> + if (parse_uid_gid(optarg, &auid, &agid, argv[0]))
>> + goto err;
>> + break;
>> + case 't':
>> + /* set task uid/gid */
>> + if (parse_uid_gid(optarg, &tuid, &tgid, argv[0]))
>> + goto err;
>> + break;
>> + case 'd':
>> + dirm_change = 1;
>> + ret = parse_mode(optarg, &dir_mode, argv[0]);
>> + break;
>> + case 'f':
>> + filem_change = 1;
>> + ret = parse_mode(optarg, &file_mode, argv[0]);
>> + break;
>> default:
>> usage(argv[0]);
>> break;
>> }
>> }
>>
>> + /* set default permissions */
>> + default_group = cgroup_new_cgroup("default");
>> + if (!default_group) {
>> + fprintf(stderr, "%s: cannot create default cgroup\n",
>> argv[0]);
>> + goto err;
>> + }
>> +
>> + error = cgroup_set_uid_gid(default_group, tuid, tgid, auid, agid);
>> + if (error) {
>> + fprintf(stderr, "%s: cannot set default UID and GID: %s\n",
>> + argv[0], cgroup_strerror(ret));
>> + goto err;
>> + }
>> +
>> + if (dirm_change + filem_change > 0) {
>
> why is this better than
>
> if (dirm_change | filem_change) ?
It's taken from cgexec, I'll change that here.
>
>> + cgroup_set_permissions(default_group, dir_mode, file_mode,
>> + file_mode);
>> + }
>> +
>> + error = cgroup_config_set_default(default_group);
>> + if (error) {
>> + fprintf(stderr, "%s: cannot set config parser defaults:
>> %s\n",
>> + argv[0], cgroup_strerror(ret));
>> + goto err;
>> + }
>> +
>> for (i = 0; i < cfg_files.count; i++) {
>> ret = cgroup_config_load_config(cfg_files.items[i]);
>> if (ret) {
>> @@ -99,6 +162,8 @@ int main(int argc, char *argv[])
>> }
>> }
>>
>> +err:
>> + cgroup_free(&default_group);
>> cgroup_string_list_free(&cfg_files);
>> return error;
>> }
>>
>
>
> looks sane otherwise
>
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a definitive record of customers, application performance,
> security threats, fraudulent activity, and more. Splunk takes this
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Libcg-devel mailing list
> Libcg-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/libcg-devel
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
