On 02/13/2013 08:06 PM, John Fastabend wrote:
> Add routine to scan rules.conf file and move matching running tasks
> in /proc/pid/* into configured control groups. Then at init time
> we can move running tasks into the correct control group.
>
> Expose this routine via libcg so other applications can use it
> to classify existing applications after creating control groups.
>
> CC: Jan Safranek <[email protected]>
> Signed-off-by: John Fastabend <[email protected]>
The code is perfect now. There is just some 'bureaucracy' remaining.
> ---
> include/libcgroup/tasks.h | 1 +
> src/api.c | 37 +++++++++++++++++++++++++++++++++++++
> src/daemon/cgrulesengd.c | 5 +++++
> src/libcgroup.map | 1 +
> 4 files changed, 44 insertions(+)
>
> diff --git a/include/libcgroup/tasks.h b/include/libcgroup/tasks.h
> index 0f79220..1a4f0f5 100644
> --- a/include/libcgroup/tasks.h
> +++ b/include/libcgroup/tasks.h
> @@ -109,6 +109,7 @@ int cgroup_reload_cached_rules(void);
> * @param fp Destination file, where the rules will be printed.
> */
> void cgroup_print_rules_config(FILE *fp);
> +int cgroup_scan_rules_config(void);
Please provide also documentation of the function in doxygen comment,
see cgroup_print_rules_config for inspiration.
Also, I don't like cgroup_scan_rules_config name. It's quite cryptic and
does not describe what the function does. We already have
cgroup_change_cgroup_uid_gid, so what about... cgroup_change_all_cgroups()?
Jan
>
> /**
> * @}
> diff --git a/src/api.c b/src/api.c
> index 11cd1b4..4cab371 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -3055,6 +3055,43 @@ int cgroup_change_cgroup_path(const char *dest, pid_t
> pid,
> return ret;
> }
>
> +int cgroup_scan_rules_config(void)
> +{
> + DIR *dir;
> + struct dirent *pid_dir = NULL;
> + char *path = "/proc/";
> +
> + dir = opendir(path);
> + if (!dir)
> + return -ECGOTHER;
> +
> + while ((pid_dir = readdir(dir)) != NULL) {
> + int err, pid;
> + uid_t euid;
> + gid_t egid;
> + char *procname = NULL;
> +
> + err = sscanf(pid_dir->d_name, "%i", &pid);
> + if (err < 1)
> + continue;
> +
> + err = cgroup_get_uid_gid_from_procfs(pid, &euid, &egid);
> + if (err)
> + continue;
> +
> + err = cgroup_get_procname_from_procfs(pid, &procname);
> + if (err)
> + continue;
> +
> + err = cgroup_change_cgroup_flags(euid, egid, procname, pid, 0);
> + if (err)
> + cgroup_dbg("cgroup change pid %i failed\n", pid);
> + }
> +
> + closedir(dir);
> + return 0;
> +}
> +
> /**
> * Print the cached rules table. This function should be called only after
> * first calling cgroup_parse_config(), but it will work with an empty rule
> diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> index f12db45..4ea09f3 100644
> --- a/src/daemon/cgrulesengd.c
> +++ b/src/daemon/cgrulesengd.c
> @@ -1171,6 +1171,11 @@ int main(int argc, char *argv[])
> if (logfile && loglevel >= LOG_INFO)
> cgroup_print_rules_config(logfile);
>
> + /* Scan for running applications with rules */
> + ret = cgroup_scan_rules_config();
> + if (ret)
> + flog(LOG_WARNING, "Failed to initialize running tasks.");
> +
> flog(LOG_NOTICE, "Started the CGroup Rules Engine Daemon.");
>
> /* We loop endlesly in this function, unless we encounter an error. */
> diff --git a/src/libcgroup.map b/src/libcgroup.map
> index b550a58..bab81d5 100644
> --- a/src/libcgroup.map
> +++ b/src/libcgroup.map
> @@ -33,6 +33,7 @@ global:
> cgroup_set_value_bool;
> cgroup_change_cgroup_uid_gid_flags;
> cgroup_print_rules_config;
> + cgroup_scan_rules_config;
> cgroup_reload_cached_rules;
> cgroup_init_rules_cache;
> cgroup_get_current_controller_path;
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Libcg-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/libcg-devel
