By default, the kernel sets the file mode of cgroup files as:

-rw-r--r-- 1 root prodctn 0 Sep 28 14:47 memory.limit_in_bytes

However, if we set the admin and/or task permissions (in the cgconfig.conf file) to a different gid than root (as in the given example), users belonging to that group still don't have permission to write to the mentioned files.

This issue has been discussed on the kernel side [1] [2] [3], but the outcome is that, because the group change is initiated by a user-space program, the file mode should also be updated by a user-space program.

This proposed patch does so. After the owner/group change of cgroup files, the file mode is also updated. File and directory modes are only sane defaults, as the patch uses the owner_is_umask flag when calling the cg_chmod_file() function. This means that owner rights are used as a mask for group and others privileges. This way, read-only files stay read-only and write-only files stay write-only.

[1] http://www.gossamer-threads.com/lists/linux/kernel/1334691?do=post_view_threaded#1334691
[2] http://www.gossamer-threads.com/lists/linux/kernel/1334740?do=post_view_threaded#1334740
[3] http://www.gossamer-threads.com/lists/linux/kernel/1334698?do=post_view_threaded#1334698

Signed-off-by: Peter Schiffer <pschi...@redhat.com>
--- src/api.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/api.c b/src/api.c index cd4e5b0..50e548a 100644 --- a/src/api.c +++ b/src/api.c @@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group) return ret; } +int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode, + int dirm_change, mode_t file_mode, int filem_change, + int owner_is_umask); + /* * TODO: Need to decide a better place to put this function. */
@@ -160,6 +164,12 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group) { int ret = 0; FTS *fts; + /* mode 664 */ + mode_t file_mode = S_IRUSR | S_IWUSR | + S_IRGRP | S_IWGRP | S_IROTH; + /* mode 775 */ + mode_t dir_mode = S_IRUSR | S_IWUSR | S_IXUSR | + S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IXOTH; cgroup_dbg("chown: path is %s\n", *path); fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR | @@ -177,6 +187,7 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group) cgroup_warn("Warning: fts_read failed\n"); break; } + cg_chmod_file(fts, ent, dir_mode, 0, file_mode, 1, 1); ret = cg_chown_file(fts, ent, owner, group); } fts_close(fts);
_______________________________________________
Libcg-devel mailing list
Libcg-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libcg-devel
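Review bot: In the first hunk (@@ -153,6 +153,10 @@), the prototype for cg_chmod_file() is a non-static forward declaration placed in the middle of src/api.c with no comment. Please move it to the header that already declares the library's internal helpers, or move the definition above its first use, so the signature cannot drift from the definition. A short comment saying what dirm_change, filem_change and owner_is_umask mean would also help, since the new call site passes them as bare 0, 1, 1.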
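Review bot: In the second hunk (@@ -160,6 +164,12 @@), dir_mode is built as 775 but the only call added by this patch passes dirm_change as 0, so going by the parameter name the directory mode is never applied, while the commit message says both file and directory modes get defaults. Either pass 1 for dirm_change, which is needed if the new group is supposed to create child groups, or drop dir_mode so the code matches what it does. The two mode values would also read more clearly as octal literals (0664, 0775) than as a flag list with a comment restating the number.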
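Review bot: In the third hunk (@@ -177,6 +187,7 @@), the return value of cg_chmod_file() is discarded and the call runs before cg_chown_file(), although the commit message says the mode is updated after the owner/group change. With this order the group-write bit is set while the file still belongs to its previous group, and if cg_chown_file() then fails the wider mode is left in place with ret reporting only the chown error. Suggest calling cg_chown_file() first, calling cg_chmod_file() only when it succeeded, and folding a chmod failure into ret.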
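The owner-as-mask behaviour the commit message describes, as an added example that is not part of the patch or of libcgroup: the body of cg_chmod_file() is not shown in the patch, so masked_mode(), chmod_masked() and demo() are hypothetical names and the masking rule is an assumption drawn from the description, applied here to constructed scratch files under /tmp standing in for cgroup control files.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Assumed model of owner_is_umask (cg_chmod_file()'s body is not in the
 * patch): the owner's rwx bits on the existing file are copied down to
 * group and others and ANDed with the requested mode. */
static mode_t masked_mode(mode_t current, mode_t requested)
{
	mode_t u = current & S_IRWXU;          /* e.g. 0600 */
	mode_t mask = u | (u >> 3) | (u >> 6); /* 0600 -> 0666 */
	return requested & mask;
}

/* stat() the file, chmod() it to the masked mode and return the resulting
 * permission bits, or (mode_t)-1 on error. */
static mode_t chmod_masked(const char *path, mode_t requested)
{
	struct stat st;
	if (stat(path, &st) == -1 ||
	    chmod(path, masked_mode(st.st_mode, requested)) == -1 ||
	    stat(path, &st) == -1)
		return (mode_t)-1;
	return st.st_mode & 07777;
}

/* Constructed stand-in for a cgroup control file: create a scratch file
 * with mode `initial`, request the patch's 0664, return the final mode. */
static mode_t demo(mode_t initial)
{
	char path[] = "/tmp/cgmode-XXXXXX";
	int fd = mkstemp(path);
	mode_t result = (mode_t)-1;
	if (fd == -1)
		return result;
	close(fd);
	if (chmod(path, initial) == 0)
		result = chmod_masked(path, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
	unlink(path);
	return result;
}

int main(void)
{
	printf("0644 -> %04o, 0444 -> %04o, 0200 -> %04o\n", (unsigned)demo(0644), (unsigned)demo(0444), (unsigned)demo(0200));
	return 0;
}
```

Only a file the owner can already write gains group write under this rule; a file that starts read-only keeps every write bit cleared.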