From: Jan Safranek <jsafrane@redhat.com>
Date: Fri, 9 Dec 2011 14:04:24 +0000 (+0100)
Subject: cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.
X-Git-Tag: v0.38~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4df5d76ce554f89b26f23121bbc7927c0c99cf4;p=thirdparty%2Flibcgroup.git

cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.

When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.

Signed-off-by: Jan Safranek <jsafrane@redhat.com>
---

diff --git a/src/tools/cgconfig.c b/src/tools/cgconfig.c
index b052432a..cf1c3157 100644
--- a/src/tools/cgconfig.c
+++ b/src/tools/cgconfig.c
@@ -72,8 +72,8 @@ int main(int argc, char *argv[])
 	};
 	uid_t tuid = NO_UID_GID, auid = NO_UID_GID;
 	gid_t tgid = NO_UID_GID, agid = NO_UID_GID;
-	mode_t dir_mode = 0;
-	mode_t file_mode = 0;
+	mode_t dir_mode = NO_PERMS;
+	mode_t file_mode = NO_PERMS;
 	int dirm_change = 0;
 	int filem_change = 0;
 	struct cgroup *default_group = NULL;
diff --git a/src/tools/cgcreate.c b/src/tools/cgcreate.c
index 25790729..8edb6e0c 100644
--- a/src/tools/cgcreate.c
+++ b/src/tools/cgcreate.c
@@ -85,8 +85,8 @@ int main(int argc, char *argv[])
 	int capacity = argc;
 
 	/* permission variables */
-	mode_t dir_mode = 0;
-	mode_t file_mode = 0;
+	mode_t dir_mode = NO_PERMS;
+	mode_t file_mode = NO_PERMS;
 	int dirm_change = 0;
 	int filem_change = 0;
 
diff --git a/tests/tools/cgconfigparser/permissions b/tests/tools/cgconfigparser/permissions
index f404f340..4a42ffe5 100755
--- a/tests/tools/cgconfigparser/permissions
+++ b/tests/tools/cgconfigparser/permissions
@@ -137,5 +137,23 @@ check_perm "STEP6" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
 
 $TOOLSDIR/cgclear || die "cgclear failed"
 
+# STEP7: config file without default section, but with only -d params (=-f is taken from umask)
+$TOOLSDIR/cgconfigparser -l `prepare_config $CONFDIR/permissions_default4.conf` -t nobody:nobody -a nobody:nobody -d 757 || \
+    die "STEP7: cgconfigparser -l $CONFDIR/permissions_default4.conf failed"
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www" 757 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/cpu.shares" 644 nobody nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/www/tasks" 644 nobody nobody
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp" 742 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/cpu.shares" 426 root root
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ftp/tasks" 264 root root
+
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh" 757 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/cpu.shares" 426 root nobody
+check_perm "STEP7" "/$TMP/cgroups/cpu/daemons/ssh/tasks" 264 root nobody
+
+$TOOLSDIR/cgclear || die "cgclear failed"
+
 cleanup
 exit 0