libcgroup: Added cgroup_config_set_default() function.

With cgroup_config_set_default() can an application set default permissions
of groups and files created by cgroup_config_load_config(). See the
documentation of the function.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/include/libcgroup/config.h b/include/libcgroup/config.h
index 4cf5ce015161dc972b738f222d1e92b2a9f42bfa..2dfdd32abad98f4e30c4d7e9603362fdf58bbbf6 100644 (file)
--- a/include/libcgroup/config.h
+++ b/include/libcgroup/config.h
@@ -55,6 +55,24 @@ int cgroup_unload_cgroups(void);
  */
 int cgroup_config_unload_config(const char *pathname, int flags);
 
+/**
+ * Sets default permissions of groups created by subsequent
+ * cgroup_config_load_config() calls. If a config file contains a 'default {}'
+ * section, the default permissions from the config file is then used.
+ *
+ * Use cgroup_new_cgroup() to create a dummy group and cgroup_set_uid_gid() and
+ * cgroup_set_permissions() to set its permissions. Use NO_UID_GID instead of
+ * GID/UID and NO_PERMS instead of file/directory permissions to let kernel
+ * decide the default permissions where you don't want specific user and/or
+ * permissions. Kernel then uses current user/group and permissions from umask
+ * then.
+ *
+ * @param new_default New default permissions from this group are copied to
+ * libcgroup internal structures. I.e., this group can be freed immediatelly
+ * after this function returns.
+ */
+int cgroup_config_set_default(struct cgroup *new_default);
+
 /**
  * @}
  * @}

diff --git a/src/config.c b/src/config.c
index 18c6f553a81da1a24dda0b2e2effd65abf67785d..451ce400c963f4596a96871c125b79a919caf9c4 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -50,6 +50,7 @@ extern FILE *yyin;
 extern int yyparse(void);
 
 static struct cgroup default_group;
+static int default_group_set = 0;
 
 /*
  * The basic global data structures.
@@ -803,8 +804,11 @@ static int cgroup_parse_config(const char *pathname)
        config_table_index = 0;
        namespace_table_index = 0;
        cgroup_table_index = 0;
-       /* init the default cgroup */
-       init_cgroup_table(&default_group, 1);
+
+       if (!default_group_set) {
+               /* init the default cgroup */
+               init_cgroup_table(&default_group, 1);
+       }
 
        /*
         * Parser calls longjmp() on really fatal error (like out-of-memory).
@@ -1169,3 +1173,22 @@ int cgroup_config_define_default(void)
        init_cgroup_table(config_cgroup, 1);
        return 0;
 }
+
+int cgroup_config_set_default(struct cgroup *new_default)
+{
+       if (!new_default)
+               return ECGINVAL;
+
+       init_cgroup_table(&default_group, 1);
+
+       default_group.control_dperm = new_default->control_dperm;
+       default_group.control_fperm = new_default->control_fperm;
+       default_group.control_gid = new_default->control_gid;
+       default_group.control_uid = new_default->control_uid;
+       default_group.task_fperm = new_default->task_fperm;
+       default_group.tasks_gid = new_default->tasks_gid;
+       default_group.tasks_uid = new_default->tasks_uid;
+       default_group_set = 1;
+
+       return 0;
+}

diff --git a/src/libcgroup.map b/src/libcgroup.map
index 7a0927eb391fd94028e42e413cfa14bf2c4d3127..e73dd6e6b7f5d1fcd8d138a47fb7948a370eb578 100644 (file)
--- a/src/libcgroup.map
+++ b/src/libcgroup.map
@@ -103,4 +103,5 @@ CGROUP_0.38 {
        cgroup_get_subsys_mount_point_end;
        cgroup_set_permissions;
        cgroup_config_unload_config;
+       cgroup_config_set_default;
 } CGROUP_0.37;