So far cgcreate and cgconfigparser have -f option, which sets permissions
of all files in a group, incl. tasks file. Since we need to put sticky bit
on the tasks file for systemd, this patch adds -s option for this purpose.
The tests are also updated with this change.
Signed-off-by: Jan Safranek <jsafr...@redhat.com>
---
doc/man/cgconfigparser.8 | 11 ++++++++++-
doc/man/cgcreate.1 | 11 ++++++++++-
src/tools/cgconfig.c | 12 ++++++++++--
src/tools/cgcreate.c | 14 +++++++++++---
tests/tools/cgconfigparser/permissions | 22 ++++++++++++++++++++--
5 files changed, 61 insertions(+), 9 deletions(-)
diff --git a/doc/man/cgconfigparser.8 b/doc/man/cgconfigparser.8
index 906b472..53ab626 100644
--- a/doc/man/cgconfigparser.8
+++ b/doc/man/cgconfigparser.8
@@ -44,7 +44,16 @@ The permissions needs to be specified as octal numbers e.g.
.TP
.B -f, --fperm=mode
-sets the default permissions of the control groups and tasks files.
+sets the default permissions of the control group files.
+The permissions needs to be specified as octal numbers e.g.
+\fB-f 775\fR.
+The value is not used as given because the current owner's
+permissions are used as an umask (so 777 will set group and
+others permissions to the owners permissions).
+
+.TP
+.B -s, --tperm=mode
+sets the default permissions of the control group tasks files.
The permissions needs to be specified as octal numbers e.g.
\fB-f 775\fR.
The value is not used as given because the current owner's
diff --git a/doc/man/cgcreate.1 b/doc/man/cgcreate.1
index 409bfa4..259b70e 100644
--- a/doc/man/cgcreate.1
+++ b/doc/man/cgcreate.1
@@ -28,7 +28,7 @@ The permissions needs to be specified as octal numbers e.g.
.TP
.B -f, --fperm mode
-sets the permissions of the control groups and tasks files.
+sets the permissions of the control groups parameters.
The permissions needs to be specified as octal numbers e.g.
\fB-f 775\fR.
The value is not used as given because the current owner's
@@ -48,6 +48,15 @@ multiple times.
display this help and exit
.TP
+.B -s, --tperm mode
+sets the permissions of the control group tasks file.
+The permissions needs to be specified as octal numbers e.g.
+\fB-f 775\fR.
+The value is not used as given because the current owner's
+permissions are used as an umask (so 777 will set group and
+others permissions to the owners permissions).
+
+.TP
.B -t <tuid>:<tgid>
defines the name of the user and the group, which owns tasks
file of the defined control group. I.e. this user and members
diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
index cf1c315..038c8f8 100644
--- a/src/tools/cgconfig.c
+++ b/src/tools/cgconfig.c
@@ -51,6 +51,8 @@ static void usage(char *progname)
" permissions\n");
printf(" -f, --fperm mode Default group file"\
" permissions\n");
+ printf(" -s --tperm mode Default tasks file"
+ " permissions\n");
printf(" -t <tuid>:<tgid> Default owner of the tasks "
"file");
exit(2);
@@ -68,12 +70,14 @@ int main(int argc, char *argv[])
{"admin", required_argument, NULL, 'a'},
{"dperm", required_argument, NULL, 'd'},
{"fperm", required_argument, NULL, 'f' },
+ {"tperm", required_argument, NULL, 's' },
{0, 0, 0, 0}
};
uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
mode_t dir_mode = NO_PERMS;
mode_t file_mode = NO_PERMS;
+ mode_t tasks_mode = NO_PERMS;
int dirm_change = 0;
int filem_change = 0;
struct cgroup *default_group = NULL;
@@ -83,7 +87,7 @@ int main(int argc, char *argv[])
ret = cgroup_string_list_init(&cfg_files, argc/2);
- while ((c = getopt_long(argc, argv, "hl:L:t:a:d:f:", options,
+ while ((c = getopt_long(argc, argv, "hl:L:t:a:d:f:s:", options,
NULL)) > 0) {
switch (c) {
case 'h':
@@ -119,6 +123,10 @@ int main(int argc, char *argv[])
filem_change = 1;
ret = parse_mode(optarg, &file_mode, argv[0]);
break;
+ case 's':
+ filem_change = 1;
+ ret = parse_mode(optarg, &tasks_mode, argv[0]);
+ break;
default:
usage(argv[0]);
break;
@@ -141,7 +149,7 @@ int main(int argc, char *argv[])
if (dirm_change | filem_change) {
cgroup_set_permissions(default_group, dir_mode, file_mode,
- file_mode);
+ tasks_mode);
}
error = cgroup_config_set_default(default_group);
diff --git a/src/tools/cgcreate.c b/src/tools/cgcreate.c
index 8edb6e0..ae079a1 100644
--- a/src/tools/cgcreate.c
+++ b/src/tools/cgcreate.c
@@ -52,6 +52,8 @@ static void usage(int status, const char *program_name)
"group which should be added\n");
fprintf(stdout, " -h, --help Display "\
"this help\n");
+ fprintf(stdout, " -s --tperm mode Tasks "\
+ "file permissions\n");
fprintf(stdout, " -t <tuid>:<tgid> Set "\
"the task permission\n");
}
@@ -71,6 +73,7 @@ int main(int argc, char *argv[])
{"", required_argument, NULL, 'g'},
{"dperm", required_argument, NULL, 'd'},
{"fperm", required_argument, NULL, 'f' },
+ {"tperm", required_argument, NULL, 's' },
{0, 0, 0, 0},
};
@@ -87,6 +90,7 @@ int main(int argc, char *argv[])
/* permission variables */
mode_t dir_mode = NO_PERMS;
mode_t file_mode = NO_PERMS;
+ mode_t tasks_mode = NO_PERMS;
int dirm_change = 0;
int filem_change = 0;
@@ -103,7 +107,7 @@ int main(int argc, char *argv[])
}
/* parse arguments */
- while ((c = getopt_long(argc, argv, "a:t:g:hd:f:", long_opts, NULL))
+ while ((c = getopt_long(argc, argv, "a:t:g:hd:f:s:", long_opts, NULL))
> 0) {
switch (c) {
case 'h':
@@ -139,6 +143,10 @@ int main(int argc, char *argv[])
filem_change = 1;
ret = parse_mode(optarg, &file_mode, argv[0]);
break;
+ case 's':
+ filem_change = 1;
+ ret = parse_mode(optarg, &tasks_mode, argv[0]);
+ break;
default:
usage(1, argv[0]);
ret = -1;
@@ -201,9 +209,9 @@ int main(int argc, char *argv[])
}
/* all variables set so create cgroup */
- if (dirm_change + filem_change > 0)
+ if (dirm_change | filem_change)
cgroup_set_permissions(cgroup, dir_mode, file_mode,
- file_mode);
+ tasks_mode);
ret = cgroup_create_cgroup(cgroup, 0);
if (ret) {
fprintf(stderr, "%s: "
diff --git a/tests/tools/cgconfigparser/permissions
b/tests/tools/cgconfigparser/permissions
index 4a42ffe..2d45afc 100755
--- a/tests/tools/cgconfigparser/permissions
+++ b/tests/tools/cgconfigparser/permissions
@@ -107,7 +107,7 @@ $TOOLSDIR/cgconfigparser -l `prepare_config
$CONFDIR/permissions_default4.conf`
check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody
-check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www/tasks" 646 nobody nobody
+check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody
check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
check_perm "STEP5" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
@@ -125,7 +125,7 @@ $TOOLSDIR/cgconfigparser -l `prepare_config
$CONFDIR/permissions_default4.conf`
check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www" 2757 nobody nobody
check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 7646 nobody
nobody
-check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www/tasks" 7646 nobody nobody
+check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody
check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
@@ -155,5 +155,23 @@ check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/tasks"
264 root nobody
$TOOLSDIR/cgclear || die "cgclear failed"
+# STEP8: config file without default section, but with -f, -d and -t
+$TOOLSDIR/cgconfigparser -l `prepare_config
$CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 -f
757 -s 7247 || \
+ die "STEP8: cgconfigparser -l $CONFDIR/permissions_default4.conf failed"
+
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 646 nobody nobody
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/www/tasks" 7246 nobody nobody
+
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP8" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
cleanup
exit 0
------------------------------------------------------------------------------
Cloud Services Checklist: Pricing and Packaging Optimization
This white paper is intended to serve as a reference, checklist and point of
discussion for anyone considering optimizing the pricing and packaging model
of a cloud services business. Read Now!
http://www.accelacomm.com/jaw/sfnl/114/51491232/
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
