On Thu, Feb 14, 2013 at 8:43 PM, John Fastabend <john.fastab...@gmail.com>wrote:
> Add routine to scan rules.conf file and move matching running tasks
> in /proc/pid/* into configured control groups. Then at init time
> we can move running tasks into the correct control group.
>
> Expose this routine via libcg so other applications can use it
> to classify existing applications after creating control groups.
>
> CC: Jan Safranek <jsafr...@redhat.com>
> Signed-off-by: John Fastabend <john.r.fastab...@intel.com>
> ---
> include/libcgroup/tasks.h | 11 +++++++++++
> src/api.c | 46
> +++++++++++++++++++++++++++++++++++++++++++++
> src/daemon/cgrulesengd.c | 5 +++++
> src/libcgroup.map | 1 +
> 4 files changed, 63 insertions(+)
>
> diff --git a/include/libcgroup/tasks.h b/include/libcgroup/tasks.h
> index 0f79220..aad438a 100644
> --- a/include/libcgroup/tasks.h
> +++ b/include/libcgroup/tasks.h
> @@ -121,6 +121,17 @@ void cgroup_print_rules_config(FILE *fp);
> */
>
> /**
> + * Changes the cgroup of all running PIDs based on the rules in the config
> + * file. If a rules exists for a PID, then the PID is placed in the
> correct
> + * group.
> + *
> + * This function may be called after creating new control groups to move
> + * running PIDs into the newly created control groups.
> + * @return 0 on success, < 0 on error
> + */
> +int cgroup_change_all_cgroups(void);
> +
> +/**
> * Changes the cgroup of a program based on the rules in the config file.
> * If a rule exists for the given UID, GID or PROCESS NAME, then the given
> * PID is placed into the correct group. By default, this function parses
> diff --git a/src/api.c b/src/api.c
> index 11cd1b4..2851efd 100644
> --- a/src/api.c
> +++ b/src/api.c
> @@ -3056,6 +3056,52 @@ int cgroup_change_cgroup_path(const char *dest,
> pid_t pid,
> }
>
> /**
> + * Changes the cgroup of all running PIDs based on the rules in the config
> + * file. If a rules exists for a PID, then the PID is placed in the
> correct
> + * group.
> + *
> + * This function may be called after creating new control groups to move
> + * running PIDs into the newly created control groups.
> + * @return 0 on success, < 0 on error
> + */
> +int cgroup_change_all_cgroups(void)
> +{
> + DIR *dir;
> + struct dirent *pid_dir = NULL;
> + char *path = "/proc/";
> +
> + dir = opendir(path);
> + if (!dir)
> + return -ECGOTHER;
> +
> + while ((pid_dir = readdir(dir)) != NULL) {
> + int err, pid;
> + uid_t euid;
> + gid_t egid;
> + char *procname = NULL;
> +
> + err = sscanf(pid_dir->d_name, "%i", &pid);
> + if (err < 1)
> + continue;
> +
> + err = cgroup_get_uid_gid_from_procfs(pid, &euid, &egid);
> + if (err)
> + continue;
> +
> + err = cgroup_get_procname_from_procfs(pid, &procname);
> + if (err)
> + continue;
> +
> + err = cgroup_change_cgroup_flags(euid, egid, procname,
> pid, 0);
> + if (err)
> + cgroup_dbg("cgroup change pid %i failed\n", pid);
> + }
> +
> + closedir(dir);
> + return 0;
> +}
> +
> +/**
> * Print the cached rules table. This function should be called only
> after
> * first calling cgroup_parse_config(), but it will work with an empty
> rule
> * list.
> diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
> index f12db45..42feacc 100644
> --- a/src/daemon/cgrulesengd.c
> +++ b/src/daemon/cgrulesengd.c
> @@ -1171,6 +1171,11 @@ int main(int argc, char *argv[])
> if (logfile && loglevel >= LOG_INFO)
> cgroup_print_rules_config(logfile);
>
> + /* Scan for running applications with rules */
> + ret = cgroup_change_all_cgroups();
> + if (ret)
> + flog(LOG_WARNING, "Failed to initialize running tasks.");
> +
> flog(LOG_NOTICE, "Started the CGroup Rules Engine Daemon.");
>
> /* We loop endlesly in this function, unless we encounter an
> error. */
> diff --git a/src/libcgroup.map b/src/libcgroup.map
> index b550a58..f6adb9a 100644
> --- a/src/libcgroup.map
> +++ b/src/libcgroup.map
> @@ -33,6 +33,7 @@ global:
> cgroup_set_value_bool;
> cgroup_change_cgroup_uid_gid_flags;
> cgroup_print_rules_config;
> + cgroup_change_all_cgroups;
> cgroup_reload_cached_rules;
> cgroup_init_rules_cache;
> cgroup_get_current_controller_path;
>
>
>
Wrong place. This is a new API, so comes in a new version.
Dhaval
------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
