[Libcg-devel] [PATCH 2/6] cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.

Fri, 09 Dec 2011 06:04:39 -0800 

When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.

Signed-off-by: Jan Safranek <jsafr...@redhat.com>
---

 src/tools/cgconfig.c                   |    4 ++--
 src/tools/cgcreate.c                   |    4 ++--
 tests/tools/cgconfigparser/permissions |   18 ++++++++++++++++++
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
index b052432..cf1c315 100644
--- a/src/tools/cgconfig.c
+++ b/src/tools/cgconfig.c
@@ -72,8 +72,8 @@ int main(int argc, char *argv[])
        };
        uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
        gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
-       mode_t dir_mode = 0;
-       mode_t file_mode = 0;
+       mode_t dir_mode = NO_PERMS;
+       mode_t file_mode = NO_PERMS;
        int dirm_change = 0;
        int filem_change = 0;
        struct cgroup *default_group = NULL;
diff --git a/src/tools/cgcreate.c b/src/tools/cgcreate.c
index 2579072..8edb6e0 100644
--- a/src/tools/cgcreate.c
+++ b/src/tools/cgcreate.c
@@ -85,8 +85,8 @@ int main(int argc, char *argv[])
        int capacity = argc;
 
        /* permission variables */
-       mode_t dir_mode = 0;
-       mode_t file_mode = 0;
+       mode_t dir_mode = NO_PERMS;
+       mode_t file_mode = NO_PERMS;
        int dirm_change = 0;
        int filem_change = 0;
 
diff --git a/tests/tools/cgconfigparser/permissions 
b/tests/tools/cgconfigparser/permissions
index f404f34..4a42ffe 100755
--- a/tests/tools/cgconfigparser/permissions
+++ b/tests/tools/cgconfigparser/permissions
@@ -137,5 +137,23 @@ check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 
264 root nobody
 
 $TOOLSDIR/cgclear || die "cgclear failed"
 
+# STEP7: config file without default section, but with only -d params (=-f is 
taken from umask)
+$TOOLSDIR/cgconfigparser -l `prepare_config 
$CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 || 
\
+    die "STEP7: cgconfigparser -l $CONFDIR/permissions_default4.conf failed"
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 644 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
 cleanup
 exit 0


------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of 
discussion for anyone considering optimizing the pricing and packaging model 
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel

Reply via email to