Add file and directory permissions into cgroup

Let's add file permission for tasks and file and directory permissions
for control files into cgroup so that we can add them into configuration
files.
Permissions are initialized to NO_PERMS (unsigned -1 which doesn't
represent any valid permissions) to reflect that no value is set.  Let's
also add a common initialization functions for both cgroup table and
single cgroup.

Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>

diff --git a/include/libcgroup/groups.h b/include/libcgroup/groups.h
index 106064141c1cfa87a50b39790a21fc48d528876c..61f18a09fe7c98775bb4da105e4555105a668ead 100644 (file)
--- a/include/libcgroup/groups.h
+++ b/include/libcgroup/groups.h
@@ -109,6 +109,10 @@ struct cgroup;
  */
 struct cgroup_controller;
 
+/**
+ * Uninitialized file/directory permissions used for task/control files.
+ */
+#define NO_PERMS (-1U)
 
 /**
  * Allocate new cgroup structure. This function itself does not create new

diff --git a/src/config.c b/src/config.c
index b8325a5699ddd5824005fd6e137bc9b43f8a03f4..92d8227b6866e64f63ab592a0725206ba01853ef 100644 (file)
--- a/src/config.c
+++ b/src/config.c
@@ -105,6 +105,7 @@ int cgroup_config_insert_cgroup(char *cg_name)
 
                memset(newblk + oldlen, 0, (MAX_CGROUPS - oldlen) *
                                sizeof(struct cgroup));
+               init_cgroup_table(newblk + oldlen, MAX_CGROUPS - oldlen);
                config_cgroup_table = newblk;
                cgroup_dbg("MAX_CGROUPS %d\n", MAX_CGROUPS);
                cgroup_dbg("reallocated config_cgroup_table to %p\n", config_cgroup_table);
@@ -726,6 +727,11 @@ int cgroup_config_load_config(const char *pathname)
        }
 
        config_cgroup_table = calloc(MAX_CGROUPS, sizeof(struct cgroup));
+       if (!config_cgroup_table)
+               return ECGFAIL;
+
+       init_cgroup_table(config_cgroup_table, MAX_CGROUPS);
+
        if (yyparse() != 0) {
                cgroup_dbg("Failed to parse file %s\n", pathname);
                fclose(yyin);

diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h
index 45c1dede668656f0eee4954c12b40499aae8f0c1..9845cad14f4b64cd64d0edff3e54957f372763bf 100644 (file)
--- a/src/libcgroup-internal.h
+++ b/src/libcgroup-internal.h
@@ -84,8 +84,11 @@ struct cgroup {
        int index;
        uid_t tasks_uid;
        gid_t tasks_gid;
+       mode_t task_fperm;
        uid_t control_uid;
        gid_t control_gid;
+       mode_t control_fperm;
+       mode_t control_dperm;
 };
 
 struct cg_mount_point {
@@ -189,6 +192,7 @@ int cgroup_get_procname_from_procfs(pid_t pid, char **procname);
 int cg_mkdir_p(const char *path);
 struct cgroup *create_cgroup_from_name_value_pairs(const char *name,
                struct control_value *name_value, int nv_number);
+void init_cgroup_table(struct cgroup *cgroups, size_t count);
 
 /*
  * Main mounting structures

diff --git a/src/wrapper.c b/src/wrapper.c
index 4828ea8bf39bea173e93c284887dbfb919fd96e6..90c8bc31a0b2995f1327042bfa06b2f8da235daf 100644 (file)
--- a/src/wrapper.c
+++ b/src/wrapper.c
@@ -23,13 +23,26 @@
 #include <string.h>
 #include <unistd.h>
 
+static void init_cgroup(struct cgroup *cgroup)
+{
+       cgroup->task_fperm = cgroup->control_fperm = cgroup->control_dperm = NO_PERMS;
+}
+
+void init_cgroup_table(struct cgroup *cgroups, size_t count)
+{
+       size_t i;
+
+       for (i = 0; i < count; ++i)
+               init_cgroup(&cgroups[i]);
+}
+
 struct cgroup *cgroup_new_cgroup(const char *name)
 {
        struct cgroup *cgroup = calloc(1, sizeof(struct cgroup));
-
        if (!cgroup)
                return NULL;
 
+       init_cgroup(cgroup);
        strncpy(cgroup->name, name, sizeof(cgroup->name));
 
        return cgroup;