Group control or task file owner should have UID/GID set to NO_UID_GID to
distinguish permissions which were set in config file from undefined
values. In the end, NO_UID_GID is transtated to UID/GID 0, so users
won't see any difference.
This will allow subsequent patches to set default owners of files/directories if
the group definition itself did not contain perm {} section.
Signed-off-by: Jan Safranek <[email protected]>
---
include/libcgroup/groups.h | 5 +++++
src/api.c | 12 ++++++++++--
src/wrapper.c | 2 ++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/include/libcgroup/groups.h b/include/libcgroup/groups.h
index f375a82..39596a1 100644
--- a/include/libcgroup/groups.h
+++ b/include/libcgroup/groups.h
@@ -122,6 +122,11 @@ struct cgroup_controller;
#define NO_PERMS (-1U)
/**
+ * Uninitialized UID/GID used for task/control files.
+ */
+#define NO_UID_GID (-1U)
+
+/**
* Allocate new cgroup structure. This function itself does not create new
* control group in kernel, only new <tt>struct cgroup</tt> inside libcgroup!
*
diff --git a/src/api.c b/src/api.c
index d3aaa45..0c55f1a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -122,6 +122,14 @@ const char const *cgroup_strerror_codes[] = {
static const char const *cgroup_ignored_tasks_files[] = { "tasks", NULL };
+static int cg_chown(const char *filename, uid_t owner, gid_t group)
+{
+ if (owner == NO_UID_GID)
+ owner = 0;
+ if (group == NO_UID_GID)
+ group = 0;
+ return chown(filename, owner, group);
+}
static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group)
{
int ret = 0;
@@ -139,7 +147,7 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t
owner, gid_t group)
case FTS_DP:
case FTS_F:
case FTS_DEFAULT:
- ret = chown(filename, owner, group);
+ ret = cg_chown(filename, owner, group);
break;
}
if (ret < 0) {
@@ -1613,7 +1621,7 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int
ignore_ownership)
error = ECGOTHER;
goto err;
}
- error = chown(path, cgroup->tasks_uid,
+ error = cg_chown(path, cgroup->tasks_uid,
cgroup->tasks_gid);
if (!error && cgroup->task_fperm != NO_PERMS)
error = cg_chmod_path(path, cgroup->task_fperm,
diff --git a/src/wrapper.c b/src/wrapper.c
index 95be969..50b8013 100644
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -29,6 +29,8 @@
static void init_cgroup(struct cgroup *cgroup)
{
cgroup->task_fperm = cgroup->control_fperm = cgroup->control_dperm =
NO_PERMS;
+ cgroup->control_gid = cgroup->control_uid = cgroup->tasks_gid =
+ cgroup->tasks_uid = NO_UID_GID;
}
void init_cgroup_table(struct cgroup *cgroups, size_t count)
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
