From: Tom Hromatka Date: Mon, 4 Nov 2019 23:23:22 +0000 (+0000) Subject: cgrulesengd: Add wildcard matching for process names X-Git-Tag: v0.42.rc1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=831c75c5ff6a59abb64bdedd1dc0d60be0b96139;p=thirdparty%2Flibcgroup.git cgrulesengd: Add wildcard matching for process names This commit adds wildcard matching to process name parsing in cgrulesengd. Note that wildcard matching works for standard rules and ignore rules. For example, given the following rule in cgrules.conf \# tom:foo* memory FooCG/ Processes named 'foo', foo1', 'foo2', etc. would be moved to the FooCG/ cgroup. Processes named 'bar', 'fo', etc. would not match this rule. Signed-off-by: Tom Hromatka --- diff --git a/src/api.c b/src/api.c index 3fbe1ed2..c814d34c 100644 --- a/src/api.c +++ b/src/api.c @@ -2801,6 +2801,34 @@ static int cg_prepare_cgroup(struct cgroup *cgroup, pid_t pid, return ret; } +/** + * Determines if the rule is a wildcard rule and if so, compares the + * wildcard rule against the new process. If the new process matches + * the wildcard rule, then this function returns true. Otherwise it + * returns false. + * + * @param rule_procname The procname field of the rule + * @param procname The name of the new process + * @return True if the procname matches the rule. False otherwise + */ +static bool cgroup_compare_wildcard_procname(const char * const rule_procname, + const char * const procname) +{ + size_t rule_strlen = strlen(rule_procname); + + if (rule_procname[rule_strlen - 1] != '*') + /* this rule does not end in a wildcard */ + return false; + + /* compare the two strings up to the asterisk */ + if (strncmp(rule_procname, procname, rule_strlen - 1) != 0) + /* the strings did not match */ + return false; + + /* all checks passed. the wildcarded process matched this rule */ + return true; +} + static int cgroup_find_matching_destination(char *cgroup_list[], const char * const rule_dest, int *matching_index) @@ -2934,6 +2962,10 @@ STATIC bool cgroup_compare_ignore_rule(const struct cgroup_rule * const rule, goto out; } + if (cgroup_compare_wildcard_procname(rule->procname, procname)) { + found_match = true; + } + out: for (i = 0; i < MAX_MNT_ELEMENTS; i++) { if (controller_list[i]) @@ -3063,6 +3095,8 @@ static struct cgroup_rule *cgroup_find_matching_rule(uid_t uid, if (!strcmp(ret->procname, base)) /* Check a rule of basename. */ break; + if (cgroup_compare_wildcard_procname(ret->procname, procname)) + break; ret = ret->next; free(base); base = NULL;