From: Michal Hocko Date: Wed, 15 Jun 2011 15:23:47 +0000 (+0200) Subject: cgconfig: enable setting file permissions X-Git-Tag: v0.38~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c89f2e79a35d0e5f74eabdda60c7f0097791d94f;p=thirdparty%2Flibcgroup.git cgconfig: enable setting file permissions We cannot setup file or directory permissions in (/etc/cgconfig.conf) configuration file while we can do this with available tools. This patch adds new two options fperm, dperm. Task section supports only fperm, because there are no directories involved while admin section supports both of them. Example: /etc/cgconfig.conf: mount { cpu = /dev/cpuctl; } group devel { perm { task { uid = root; gid = cgroup; fperm = 660; } admin { uid = root; gid = cgroup; dperm = 775; } } cpu { cpu.shares = 5120; } } $ tools/cgconfigparser -l /etc/cgconfig.conf $ ls -la /dev/cpuctl/devel/ total 0 drwxrwxr-x 2 root cgroup 0 May 13 15:22 . drwxr-xr-x 3 root root 0 May 13 15:22 .. -rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children --w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control -r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us -rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares -rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release -rw-rw---- 1 root cgroup 0 May 13 15:22 tasks This patch enhances parser callbacks to initialize cgroup->task_fperm and cgroup->control_[fd]perm and forces chmod at general cgroup_create_cgroup level. This is safe because everybody who uses cgroup has those values initialized to -1 unless they are set and then they should be used. Signed-off-by: Michal Hocko Signed-off-by: Jan Safranek
---
diff --git a/src/api.c b/src/api.c
index f295102f..0f308af2 100644
--- a/src/api.c
+++ b/src/api.c
@@ -1475,6 +1475,13 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int ignore_ownership) cgroup_dbg("Changing ownership of %s\n", fts_path[0]); error = cg_chown_recursive(fts_path, cgroup->control_uid, cgroup->control_gid); + if (!error) { + error = cg_chmod_recursive_controller(fts_path[0], + cgroup->control_dperm, + cgroup->control_dperm != NO_PERMS, + cgroup->control_fperm, + cgroup->control_fperm != NO_PERMS); + } } if (error)
@@ -1521,11 +1528,15 @@ int cgroup_create_cgroup(struct cgroup *cgroup, int ignore_ownership) } error = chown(path, cgroup->tasks_uid, cgroup->tasks_gid); + if (!error && cgroup->task_fperm != NO_PERMS) + error = chmod(path, cgroup->task_fperm); + if (error) { last_errno = errno; error = ECGOTHER; goto err; } + } free(base); base = NULL;
diff --git a/src/config.c b/src/config.c
index 92d8227b..3e67b4ff 100644
--- a/src/config.c
+++ b/src/config.c
@@ -234,6 +234,14 @@ int cgroup_config_group_task_perm(char *perm_type, char *value) config_cgroup->tasks_gid = val; } + if (!strcmp(perm_type, "fperm")) { + char *endptr; + val = strtol(value, &endptr, 8); + if (*endptr) + goto group_task_error; + config_cgroup->task_fperm = val; + } + free(perm_type); free(value); return 1;
@@ -300,6 +308,22 @@ int cgroup_config_group_admin_perm(char *perm_type, char *value) config_cgroup->control_gid = val; } + if (!strcmp(perm_type, "fperm")) { + char *endptr; + val = strtol(value, &endptr, 8); + if (*endptr) + goto admin_error; + config_cgroup->control_fperm = val; + } + + if (!strcmp(perm_type, "dperm")) { + char *endptr; + val = strtol(value, &endptr, 8); + if (*endptr) + goto admin_error; + config_cgroup->control_dperm = val; + } + free(perm_type); free(value); return 1;
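Review bot: The recursive chmod in the `-1475` hunk is added just before the `}` that closes the block holding the `cg_chown_recursive()` call, so the configured `control_dperm`/`control_fperm` are applied only on the path that also changes ownership. The opening of that block is outside the hunk; if it is the `ignore_ownership` test, a caller passing a non-zero `ignore_ownership` gets a group whose requested modes are silently dropped, and the same appears to hold for the `task_fperm` chmod in the `-1521` hunk. I would either document that on the function, e.g. `/* control_dperm, control_fperm and task_fperm are applied only when ignore_ownership is 0 */`, or emit a `cgroup_dbg()` line when permissions are set but skipped.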
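Review bot: The `fperm` value in the `-234` hunk is accepted after checking only `*endptr`, so an empty string parses as mode 0, a negative number such as `-1` passes (and may collide with the `NO_PERMS` sentinel if that is the -1 the commit message mentions), and anything above the permission bits is stored and later handed to `chmod()`. Since this value decides who may write the group's `tasks` and control files, I would reject out-of-range input here: `if (endptr == value || *endptr || val < 0 || val > 07777)` followed by the existing `goto group_task_error;`, or bound it at `0777` if setuid/setgid/sticky bits have no use on these files. The same check is needed in the `fperm` and `dperm` branches of `cgroup_config_group_admin_perm` in the `-300` hunk, with `goto admin_error;`. Both functions start and end outside the hunks shown, so the declaration of `val` is not visible.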