From: Tom Hromatka <tom.hromatka@oracle.com>
Date: Fri, 27 Jan 2023 21:08:36 +0000 (-0700)
Subject: python: Add python bindings for setting permissions and ownership
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31af5601b989e5019b3536626f2016f837375b40;p=thirdparty%2Flibcgroup.git

python: Add python bindings for setting permissions and ownership

Add python bindings for setting the ownership, cgroup_set_uid_gid(),
and setting the permissions, cgroup_set_permissions().

Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
Reviewed-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
(cherry picked from commit dee04df0d35f05cd094da6199f5dc79448a66f5f)
---

diff --git a/src/python/cgroup.pxd b/src/python/cgroup.pxd
index ed7ad69f..b5e679b1 100644
--- a/src/python/cgroup.pxd
+++ b/src/python/cgroup.pxd
@@ -8,7 +8,7 @@
 
 # cython: language_level = 3str
 
-from posix.types cimport pid_t
+from posix.types cimport pid_t, uid_t, gid_t, mode_t
 
 cdef extern from "libcgroup.h":
     cdef struct cgroup:
@@ -92,4 +92,10 @@ cdef extern from "libcgroup.h":
     int cgroup_attach_task(cgroup * cgroup)
     int cgroup_attach_task_pid(cgroup * cgroup, pid_t pid)
 
+    int cgroup_set_uid_gid(cgroup *cgroup, uid_t tasks_uid, gid_t tasks_gid, uid_t control_uid,
+                           gid_t control_gid)
+
+    void cgroup_set_permissions(cgroup *cgroup, mode_t control_dperm, mode_t control_fperm,
+                           mode_t task_fperm)
+
 # vim: set et ts=4 sw=4:
diff --git a/src/python/libcgroup.pyx b/src/python/libcgroup.pyx
index 6edf71fd..78f2612d 100644
--- a/src/python/libcgroup.pyx
+++ b/src/python/libcgroup.pyx
@@ -14,7 +14,7 @@
 __author__ =  'Tom Hromatka <tom.hromatka@oracle.com>'
 __date__ = "25 October 2021"
 
-from posix.types cimport pid_t
+from posix.types cimport pid_t, mode_t
 cimport cgroup
 import os
 
@@ -430,6 +430,46 @@ cdef class Cgroup:
         if ret is not 0:
             raise RuntimeError("cgroup_attach_task failed: {}".format(ret))
 
+    def set_uid_gid(self, tasks_uid, tasks_gid, ctrl_uid, ctrl_gid):
+        """Set the desired owning uid/gid for the tasks file and the entire cgroup hierarchy
+
+        Arguments:
+        tasks_uid - uid that should own the tasks file
+        tasks_gid - gid that should own the tasks file
+        ctrl_uid - uid to recursively apply to the entire cgroup hierarchy
+        ctrl_gid - gid to recursively apply to the entire cgroup hierarchy
+
+        Note:
+        Does not modify the cgroup sysfs.  Does not read from the cgroup sysfs.  Applies the
+        provided uids and gids to the appropriate uid/gid fields in the cgroup struct.
+        """
+        ret = cgroup.cgroup_set_uid_gid(self._cgp, tasks_uid, tasks_gid, ctrl_uid, ctrl_gid)
+        if ret is not 0:
+            raise RuntimeError("cgroup_set_uid_gid failed: {}".format(ret))
+
+    def set_permissions(self, dir_mode, ctrl_mode, task_mode):
+        """Set the permission bits on the cgroup
+
+        Arguments:
+        dir_mode - permissions to set on the cgroup directory
+        ctrl_mode - permissions to set on the files in the directory, except tasks
+        task_mode - permissions to set on the tasks file
+
+        Note:
+        Does not modify the cgroup sysfs.  Does not read from the cgroup sysfs.  Only the
+        in-memory cgroup structure is updated.
+
+        The mode parameters are expected to be of a form defined in the Python stat module [1],
+        e.g. stat.S_IWUSR.
+
+        [1] https://docs.python.org/3/library/stat.html
+        """
+        cdef mode_t dmode = dir_mode
+        cdef mode_t cmode = ctrl_mode
+        cdef mode_t tmode = task_mode
+
+        cgroup.cgroup_set_permissions(self._cgp, dmode, cmode, tmode)
+
     def __dealloc__(self):
         cgroup.cgroup_free(&self._cgp);