Add routine to scan rules.conf file and move matching running tasks in /proc/pid/* into configured control groups. Then at init time we can move running tasks into the correct control group.
Expose this routine via libcg so other applications can use it to classify existing applications after creating control groups.
CC: Jan Safranek <jsafr...@redhat.com>
Signed-off-by: John Fastabend <john.r.fastab...@intel.com>
---
 include/libcgroup/tasks.h | 1 +
 src/api.c | 37 +++++++++++++++++++++++++++++++++++++
 src/daemon/cgrulesengd.c | 5 +++++
 src/libcgroup.map | 1 +
 4 files changed, 44 insertions(+)
diff --git a/include/libcgroup/tasks.h b/include/libcgroup/tasks.h
index 0f79220..1a4f0f5 100644
--- a/include/libcgroup/tasks.h
+++ b/include/libcgroup/tasks.h
@@ -109,6 +109,7 @@ int cgroup_reload_cached_rules(void);
 * @param fp Destination file, where the rules will be printed.
 */
 void cgroup_print_rules_config(FILE *fp);
+int cgroup_scan_rules_config(void);
 /**
 * @}
diff --git a/src/api.c b/src/api.c
index 11cd1b4..4cab371 100644
--- a/src/api.c
+++ b/src/api.c
@@ -3055,6 +3055,43 @@ int cgroup_change_cgroup_path(const char *dest, pid_t pid,
 return ret;
 }
+int cgroup_scan_rules_config(void)
+{
+ DIR *dir;
+ struct dirent *pid_dir = NULL;
+ char *path = "/proc/";
+
+ dir = opendir(path);
+ if (!dir)
+ return -ECGOTHER;
+
+ while ((pid_dir = readdir(dir)) != NULL) {
+ int err, pid;
+ uid_t euid;
+ gid_t egid;
+ char *procname = NULL;
+
+ err = sscanf(pid_dir->d_name, "%i", &pid);
+ if (err < 1)
+ continue;
+
+ err = cgroup_get_uid_gid_from_procfs(pid, &euid, &egid);
+ if (err)
+ continue;
+
+ err = cgroup_get_procname_from_procfs(pid, &procname);
+ if (err)
+ continue;
+
+ err = cgroup_change_cgroup_flags(euid, egid, procname, pid, 0);
+ if (err)
+ cgroup_dbg("cgroup change pid %i failed\n", pid);
+ }
+
+ closedir(dir);
+ return 0;
+}
+
 /**
 * Print the cached rules table. This function should be called only after
 * first calling cgroup_parse_config(), but it will work with an empty rule
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index f12db45..4ea09f3 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
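Review bot: The exported prototype `int cgroup_scan_rules_config(void);` is added to include/libcgroup/tasks.h without a Doxygen block, while `cgroup_print_rules_config()` directly above it has one. A short comment should state that the function walks /proc and tries to move every running task according to the rules, that it returns 0 even when individual moves fail (the api.c hunk only reports those through `cgroup_dbg()`), and that a non-zero return means /proc could not be opened. Callers also need to know whether the rules must already be loaded before the call; the api.c hunk passes flags `0`, so that should be confirmed and written down.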
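Review bot: In `cgroup_scan_rules_config()` (src/api.c) the string returned through `procname` is never released, so each scanned task leaks one allocation if `cgroup_get_procname_from_procfs()` allocates it, as its `char **` out-parameter suggests; add `free(procname);` at the end of the loop body, after the `cgroup_dbg()` check. The pid is parsed with `sscanf(pid_dir->d_name, "%i", &pid)`, which accepts a numeric prefix and octal or hex forms and stores into an `int`; `strtol()` with an end-pointer check into a `pid_t` would accept only purely decimal directory names. The uid, gid and name are read from procfs before the move, so if a pid exits and is reused in between, the new task could be classified with stale credentials; that window deserves a comment now that this is a public entry point. The error path returns `-ECGOTHER`, and it is worth checking that the sign matches how the other functions in api.c report errors, which is not visible in this hunk.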
@@ -1171,6 +1171,11 @@ int main(int argc, char *argv[])
 if (logfile && loglevel >= LOG_INFO)
 cgroup_print_rules_config(logfile);
+ /* Scan for running applications with rules */
+ ret = cgroup_scan_rules_config();
+ if (ret)
+ flog(LOG_WARNING, "Failed to initialize running tasks.");
+
 flog(LOG_NOTICE, "Started the CGroup Rules Engine Daemon.");
 /* We loop endlesly in this function, unless we encounter an error. */
diff --git a/src/libcgroup.map b/src/libcgroup.map
index b550a58..bab81d5 100644
--- a/src/libcgroup.map
+++ b/src/libcgroup.map
@@ -33,6 +33,7 @@ global:
 cgroup_set_value_bool;
 cgroup_change_cgroup_uid_gid_flags;
 cgroup_print_rules_config;
+ cgroup_scan_rules_config;
 cgroup_reload_cached_rules;
 cgroup_init_rules_cache;
 cgroup_get_current_controller_path;
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Libcg-devel mailing list Libcg-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/libcg-devel
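Review bot: The warning logged after `cgroup_scan_rules_config()` in `main()` (src/daemon/cgrulesengd.c) drops the return value, and as written in the api.c hunk the function fails only when /proc cannot be opened, so per-task failures never reach this log. Consider including the code, e.g. `flog(LOG_WARNING, "Failed to initialize running tasks: %d", ret);`, assuming `flog()` accepts printf-style arguments (its definition is outside this hunk). The scan runs before the daemon's main loop, so a task created between the scan and the point where the daemon starts receiving process events may stay unclassified; whether that window exists depends on code not shown here. `main()` starts and ends outside the hunk.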