With cgroup_config_set_default(), an application can set the default permissions of groups and files created by cgroup_config_load_config(). See the documentation of the function.
Signed-off-by: Jan Safranek <jsafr...@redhat.com>
---
 include/libcgroup/config.h | 18 ++++++++++++++++++
 src/config.c | 27 +++++++++++++++++++++++++--
 src/libcgroup.map | 1 +
 3 files changed, 44 insertions(+), 2 deletions(-)
diff --git a/include/libcgroup/config.h b/include/libcgroup/config.h
index 4cf5ce0..2dfdd32 100644
--- a/include/libcgroup/config.h
+++ b/include/libcgroup/config.h
@@ -56,6 +56,24 @@ int cgroup_unload_cgroups(void);
 int cgroup_config_unload_config(const char *pathname, int flags);
 /**
+ * Sets default permissions of groups created by subsequent
+ * cgroup_config_load_config() calls. If a config file contains a 'default {}'
+ * section, the default permissions from the config file is then used.
+ *
+ * Use cgroup_new_cgroup() to create a dummy group and cgroup_set_uid_gid() and
+ * cgroup_set_permissions() to set its permissions. Use NO_UID_GID instead of
+ * GID/UID and NO_PERMS instead of file/directory permissions to let kernel
+ * decide the default permissions where you don't want specific user and/or
+ * permissions. Kernel then uses current user/group and permissions from umask
+ * then.
+ *
+ * @param new_default New default permissions from this group are copied to
+ * libcgroup internal structures. I.e., this group can be freed immediatelly
+ * after this function returns.
+ */
+int cgroup_config_set_default(struct cgroup *new_default);
+
+/**
 * @}
 * @}
 */
diff --git a/src/config.c b/src/config.c
index 18c6f55..451ce40 100644
--- a/src/config.c
+++ b/src/config.c
@@ -50,6 +50,7 @@ extern FILE *yyin;
 extern int yyparse(void);
 static struct cgroup default_group;
+static int default_group_set = 0;
 /*
 * The basic global data structures.
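Review bot: The doc comment added in include/libcgroup/config.h has no `@return` line, although the implementation in src/config.c returns `ECGINVAL` for a NULL argument and 0 otherwise; I would add `@return 0 on success, ECGINVAL when new_default is NULL.`. The comment also says a 'default {}' section in the config file takes precedence, but it does not spell out what that means for callers: the values set here are a fallback, not a limit on the ownership or mode a config file can request. One sentence saying so would help, since an application may otherwise treat this call as a way to constrain a less-trusted config file. As far as the visible hunks show, `default_group_set` is never cleared, so the comment should also state that the defaults stay in effect for every later cgroup_config_load_config() call in the process.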
@@ -803,8 +804,11 @@ static int cgroup_parse_config(const char *pathname)
 config_table_index = 0;
 namespace_table_index = 0;
 cgroup_table_index = 0;
- /* init the default cgroup */
- init_cgroup_table(&default_group, 1);
+
+ if (!default_group_set) {
+ /* init the default cgroup */
+ init_cgroup_table(&default_group, 1);
+ }
 /*
 * Parser calls longjmp() on really fatal error (like out-of-memory).
@@ -1169,3 +1173,22 @@ int cgroup_config_define_default(void)
 init_cgroup_table(config_cgroup, 1);
 return 0;
 }
+
+int cgroup_config_set_default(struct cgroup *new_default)
+{
+ if (!new_default)
+ return ECGINVAL;
+
+ init_cgroup_table(&default_group, 1);
+
+ default_group.control_dperm = new_default->control_dperm;
+ default_group.control_fperm = new_default->control_fperm;
+ default_group.control_gid = new_default->control_gid;
+ default_group.control_uid = new_default->control_uid;
+ default_group.task_fperm = new_default->task_fperm;
+ default_group.tasks_gid = new_default->tasks_gid;
+ default_group.tasks_uid = new_default->tasks_uid;
+ default_group_set = 1;
+
+ return 0;
+}
diff --git a/src/libcgroup.map b/src/libcgroup.map
index 7a0927e..e73dd6e 100644
--- a/src/libcgroup.map
+++ b/src/libcgroup.map
@@ -103,4 +103,5 @@ CGROUP_0.38 {
 cgroup_get_subsys_mount_point_end;
 cgroup_set_permissions;
 cgroup_config_unload_config;
+ cgroup_config_set_default;
 } CGROUP_0.37;
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
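Review bot: In the cgroup_parse_config() hunk, once `default_group_set` is 1 the new guard never re-initialises `default_group`, and nothing visible in this patch clears the flag or restores the application's values before a parse. If the parser stores a file's 'default {}' section in `default_group` (that code is not in the hunk, so this needs confirming), the uid/gid and modes from one config file would carry over into a later cgroup_config_load_config() call whose file has no such section. Groups could then be created with ownership or permissions that neither the application nor that file asked for. Keeping the application-supplied fields in a separate static copy would avoid this: always call `init_cgroup_table(&default_group, 1);` and then, when `default_group_set` is non-zero, copy the saved fields back in before parsing. The body of cgroup_parse_config() starts and ends outside the hunk.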
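Review bot: cgroup_config_set_default() in src/config.c rewrites the file-scope `default_group` field by field and only then sets `default_group_set`, with no lock visible in the hunk. A cgroup_config_load_config() running in another thread could therefore read a mix of old and new uid/gid/mode values. If config.c is meant to be used from a single thread only, say so above the function, e.g. `/* Not thread-safe: must not run concurrently with cgroup_config_load_config(). */`. The argument is only read, so `const struct cgroup *new_default` would state that in the signature; the prototype in include/libcgroup/config.h would need the same change.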