cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.

When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
index b052432a901981d0227e7de0bc8dfe9731c53e7a..cf1c31575d14ab2a3384f78ebb41c26716809266 100644 (file)
--- a/src/tools/cgconfig.c
+++ b/src/tools/cgconfig.c
@@ -72,8 +72,8 @@ int main(int argc, char *argv[])
        };
        uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
        gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
-       mode_t dir_mode = 0;
-       mode_t file_mode = 0;
+       mode_t dir_mode = NO_PERMS;
+       mode_t file_mode = NO_PERMS;
        int dirm_change = 0;
        int filem_change = 0;
        struct cgroup *default_group = NULL;

diff --git a/src/tools/cgcreate.c b/src/tools/cgcreate.c
index 2579072914380e36c9c05bfeadb60734d9f288e3..8edb6e0c9056dfc67d219124568dc5e8400e0e59 100644 (file)
--- a/src/tools/cgcreate.c
+++ b/src/tools/cgcreate.c
@@ -85,8 +85,8 @@ int main(int argc, char *argv[])
        int capacity = argc;
 
        /* permission variables */
-       mode_t dir_mode = 0;
-       mode_t file_mode = 0;
+       mode_t dir_mode = NO_PERMS;
+       mode_t file_mode = NO_PERMS;
        int dirm_change = 0;
        int filem_change = 0;
 

diff --git a/tests/tools/cgconfigparser/permissions b/tests/tools/cgconfigparser/permissions
index f404f3404dcf56b7d3d1f11f89fc9f381de5baa3..4a42ffe57252aef8721f394b2af17e03e34a7d73 100755 (executable)
--- a/tests/tools/cgconfigparser/permissions
+++ b/tests/tools/cgconfigparser/permissions
@@ -137,5 +137,23 @@ check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
 
 $TOOLSDIR/cgclear || die "cgclear failed"
 
+# STEP7: config file without default section, but with only -d params (=-f is taken from umask)
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 || \
+    die "STEP7: cgconfigparser -l $CONFDIR/permissions_default4.conf failed"
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 644 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
 cleanup
 exit 0