In present version of testsuite OPAQUE_HIERARCHY variable is ignored,
thus testsuite is broken in systems where OPAQUE_HIERARCHY is nonempty. The patch fixes this problem.
CHANGELOG v1:
* use ^cgroup instead of cgroup in grep (otherwise it counts also tmpfs /sys/fs/cgroup)
* remove obsolete IS_OPAQUE variable
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Acked-By: Jan Safranek <jsafrane@redhat.com>
From: Ivana Hutarova Varekova <varekova@redhat.com>
lscgroup: fix path name trimming
lscgroup tool in display_controller_data procedure trimmed relative path
name too strictly, thus if the path has no leading "/" sign then the first
character was trimmed too.
More precisely the relative path is taken from the full path - path to the
controller root and relative path given on command line (with all
characters "/") + character "/" at the end of path. The length of the suffix
which describes the relative path is counted from the trimmed relative path
given on command line (without characters "/" at the beginning and at the end).
The same relative path has to be used in both cases and -1 to the
length.
CHANGELOG v1:
* more detailed description
* fix the problem with "/" sign at the end of path too
EXAMPLE
without the patch:
$ lscgroup freezer:libvirt
freezer:/ibvirt/
freezer:/ibvirt/lxc
freezer:/ibvirt/qemu
with the patch:
$ lscgroup freezer:libvirt
freezer:/libvirt/
freezer:/libvirt/lxc
freezer:/libvirt/qemu
this patch fixes the problem.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Acked-By: Jan Safranek <jsafrane@redhat.com>
Jan Safranek [Thu, 15 Dec 2011 13:55:51 +0000 (14:55 +0100)]
Libcgroup: added cgconfig.service unit for systemd.
The cgconfig.service unit file should create all groups in
/etc/cgconfig.conf and (if not overridden in the config file) with sticky
bit on their tasks file. On service stop, only control groups specified in the
config file are cleared and only if they are empty (i.e. no subgroups and no
processes inside).
Please review carefully, especially the ordering. I want the service to
start as early as possible, but not before local filesystem is ready.
Jan Safranek [Thu, 15 Dec 2011 13:55:43 +0000 (14:55 +0100)]
libcgroup: Added README_systemd file.
New documentation file is added. It should describe how systemd and
libcgroup should work together and how to configure a system to have
control groups created by libcgroup's cgconfig service.
I'm going to install this README into /usr/share/doc/libcgroup-*/.
I know I am not Shakespeare and also English is not my mother language, feel
free to comment also the style and grammar. Missing/wrong articles is my
speciality :).
Changelog:
- updated with review remarks from Martin Prpic and Kevin Constantine
Jan Safranek [Fri, 9 Dec 2011 14:04:33 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Added new parameter for tasks file permissions.
So far cgcreate and cgconfigparser have -f option, which sets permissions
of all files in a group, incl. tasks file. Since we need to put sticky bit
on the tasks file for systemd, this patch adds -s option for this purpose.
Jan Safranek [Fri, 9 Dec 2011 14:04:24 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.
When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.
Jan Safranek [Tue, 6 Dec 2011 15:06:58 +0000 (16:06 +0100)]
cgclear: fixed exit code with -e option
cgclear -e is supposed to clear only empty groups. This works fine, but
when a non-empty group is being cleared, cgclear displays an error and
returns nonzero exit code.
It should be silent and return zero exit code, because stumbling upon a
nonempty group is perfectly fine and not an error.
With cgroup_config_set_default() an application can set default permissions
of groups and files created by cgroup_config_load_config(). See the
documentation of the function.
Jan Safranek [Wed, 30 Nov 2011 14:42:29 +0000 (15:42 +0100)]
tools: Added parse_mode() and parse_uid_gid() to tools_common.c.
The parse_mode() function will be used by cgconfigparser, so move it there.
In addition, the cgconfigparser will need uid:gid parsing routines from
cgcreate.c, so move it to common code as well.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:42:08 +0000 (15:42 +0100)]
cgconfigparser: Allow SUID and SGID permissions in 'fperm' and 'dperm' options.
libcgroup should allow SUID, SGID or sticky bit to be set either in
cgconfig.conf file or in API calls. Especially the sticky bit can be useful for
cooperation with systemd.
Jan Safranek [Wed, 30 Nov 2011 14:42:01 +0000 (15:42 +0100)]
cgconfigparser: Add 'default' section.
'default' section in cgconfig.conf file describes default owner and
permissions of group's control and task files. Using the 'default' section,
the common permissions can be specified only once per config file instead
of defining it separately for each group.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:41:53 +0000 (15:41 +0100)]
libcgroup: Define NO_UID_GID.
Group control or task file owner should have UID/GID set to NO_UID_GID to
distinguish permissions which were set in config file from undefined
values. In the end, NO_UID_GID is translated to UID/GID 0, so users
won't see any difference.
This will allow subsequent patches to set default owners of files/directories if
the group definition itself did not contain perm {} section.
Jan Safranek [Thu, 3 Nov 2011 09:50:11 +0000 (10:50 +0100)]
tests: Added cgconfig tests
There are two tests:
- cgclear_config_one - tests cgclear with one config file, incl. several error
cases
- cgclear_config_multi - tests cgclear with multiple config files, not so
many error cases here
Jan Safranek [Fri, 23 Sep 2011 11:53:33 +0000 (13:53 +0200)]
cgclear: delete cgroups from config file
cgclear should be able to 'unload' cgroups (and mounts) as specified in
given config file - as exact opposite of cgconfigparser.
This patch adds new options '-c <config_file>' and '-C <directory with config
files>' just for this purpose. These options can be specified multiple times.
Jan Safranek [Fri, 23 Sep 2011 11:53:13 +0000 (13:53 +0200)]
libcgroup: free global config_cgroup_table
To be able to call the cgroup_parse_config() several times without memory
leaks, its callers should free the memory it allocates when they don't need
it.
Jan Safranek [Fri, 23 Sep 2011 11:53:06 +0000 (13:53 +0200)]
libcgroup: allow parsing to be called several times
cgroup_parse_config() should properly initialize its global variables, so
it can be called several times safely, i.e. several config files can be
parsed in sequence. The call to cgroup_parse_config() *rewrites* previous
result, it does not *add* new groups/mounts to global tables.
Jan Safranek [Fri, 23 Sep 2011 11:52:59 +0000 (13:52 +0200)]
libcgroup: the library can be re-initialized by cgroup_init()
cgroup_init() can be called several times in sequence. New call completely
rewrites old data, i.e. things that were unmounted between two
cgroup_init() calls disappear and new mount points show up.
Jan Safranek [Fri, 23 Sep 2011 11:52:46 +0000 (13:52 +0200)]
libcgroup: added new flag to cgroup_delete_cgroup_ext to delete only empty groups
New flag CGFLAG_DELETE_EMPTY_ONLY tells cgroup_delete_cgroup_ext that the
group being deleted must be empty, i.e. have no subgroups and no tasks
inside.
Jan Safranek [Tue, 27 Sep 2011 06:50:09 +0000 (08:50 +0200)]
libcgroup: ignore 'tasks' file when changing permission of control files
When cgroup_create_cgroup() is called with different control_fperm and
task_fperm, libcgroup first changes permissions of *all* files to match
the control_fperm, which also includes the tasks file and it might
lose some permission bits. The tasks file is then modulated by
control_fperm, but because of the umask-style of control_fperm, it might get
lower permissions than users would expect.
Therefore 'tasks' file must be skipped when using control_fperm.
Changelog since v1:
- use list of ignored files, cg_chmod_recursive_controller is called from
cg_chmod_recursive, which should chmod all files, incl. 'tasks'.
Changelog since v2:
- renamed the list with ignored files.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
fts_read can return NULL in two cases. Either when we have visited all
files in the hierarchy (when errno is set to 0) or when an error
occurred. We shouldn't set an error code in the first case obviously.
Changelog since v1:
- updated log message
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Jan Safranek [Mon, 22 Aug 2011 08:48:58 +0000 (10:48 +0200)]
cgrulesengd: Fixed processing of symlinked executables.
When an executable is symlinked and the symlink is executed,
/proc/PID/status contains name of the symlink, while /proc/PID/exe points
to the real executable name. cgrulesengd considered this case as error and
did not trigger any rule for this exec().
With this patch, cgrulesengd uses name of /proc/PID/exe as the executable
in this case.
Jan Safranek [Wed, 24 Aug 2011 09:41:26 +0000 (11:41 +0200)]
lssubsys: Fixed file descriptor leak on error enumerating controllers.
Close the iterator when cgroup_get_all_controller_next fails. I've
rewritten the loop to have one error check for both
cgroup_get_all_controller_begin and cgroup_get_all_controller_end.
Jan Safranek [Wed, 24 Aug 2011 09:40:13 +0000 (11:40 +0200)]
cgconfigparser: Made YY_FATAL_ERROR really fatal when parsing cgconfig.conf
The error macro should stop all processing, otherwise some NULL pointers might
get dereferenced (e.g. lex.c:1323). It uses setjmp/longjmp to return from
depths of the bison/lex routines. As obvious consequence, all memory allocated
in the parsers is lost and is never freed. Still, it should be better than
exit() I proposed before.
Peter Schiffer [Wed, 13 Jul 2011 12:50:41 +0000 (14:50 +0200)]
Fixed few findings from Coverity scan
In function cgroup_parse_rules() added missing check for getpwuid() result.
In cgroup_get_procs() added missing fclose() on file descriptor.
In load_list() added missing fclose() on file descriptor.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
There is no general rule on which permissions make sense for files in
different subsystems. Nevertheless the kernel creates those files with
the maximum allowed permissions for owner so we should use its part as
an umask for group and others permissions as well.
This means that if we specify 777 for file_mode we will end up having
same permissions as owner whatever they are.
The primary intelligence is implemented in cg_chmod_path function which
takes an argument which says whether user permissions should be used
as a template.
This patch adds and exports cgroup_set_permissions which sets
permissions for control and task files into the cgroup descriptor
and cgroup_create_cgroup does the rest.
Example:
/etc/cgconfig.conf:
mount {
cpu = /cgroup/cpuctl/;
}
Michal Hocko [Wed, 15 Jun 2011 15:23:47 +0000 (17:23 +0200)]
cgconfig: enable setting file permissions
We cannot setup file or directory permissions in (/etc/cgconfig.conf)
configuration file while we can do this with available tools.
This patch adds two new options fperm, dperm.
Task section supports only fperm, because there are no directories
involved while admin section supports both of them.
$ tools/cgconfigparser -l /etc/cgconfig.conf
$ ls -la /dev/cpuctl/devel/
total 0
drwxrwxr-x 2 root cgroup 0 May 13 15:22 .
drwxr-xr-x 3 root root 0 May 13 15:22 ..
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children
--w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control
-r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares
-rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release
-rw-rw---- 1 root cgroup 0 May 13 15:22 tasks
This patch enhances parser callbacks to initialize cgroup->task_fperm
and cgroup->control_[fd]perm and forces chmod at general
cgroup_create_cgroup level. This is safe because everybody who uses
cgroup has those values initialized to -1 unless they are set and then
they should be used.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Michal Hocko [Wed, 15 Jun 2011 15:23:39 +0000 (17:23 +0200)]
Add file and directory permissions into cgroup
Let's add file permission for tasks and file and directory permissions
for control files into cgroup so that we can add them into configuration
files.
Permissions are initialized to NO_PERMS (unsigned -1 which doesn't
represent any valid permissions) to reflect that no value is set. Let's
also add a common initialization functions for both cgroup table and
single cgroup.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
cg_build_path: use max FILENAME_MAX characters for array in 2nd parameter
The function cg_build_path is internal now. All calls of it (there is one
exception - cgroup_fill_cgc function which uses FILENAME_MAX+1, fixed now too)
have the limited second parameter buffer to FILENAME_MAX.
cg_build_path copies to this buffer, but there was no limitation of the size of the copied buffer.
This is fixed in the patch.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Jan Safranek [Wed, 1 Jun 2011 09:10:51 +0000 (11:10 +0200)]
Fixed cg_chmod_recursive
The function changes permissions only in the first hierarchy, but it should
change it in all of them.
Reproducer:
1) have cpuacct and freezer mounted separately, i.e.:
$ lssubsys -m
cpuacct /sys/fs/cgroup/cpuacct
freezer /sys/fs/cgroup/freezer
2) create a group with specific permissions:
$ cgcreate -f 700 -g freezer,cpuacct:/test
Result:
$ ls -la /sys/fs/cgroup/freezer/test/
-rwx------. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.clone_children
-rwx------. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.event_control
(-> first controller is fine)
$ ls -la /sys/fs/cgroup/cpuacct/test/
-rw-r--r--. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.clone_children
--w--w--w-. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.event_control
(-> second controller is wrong, it should be -rwx------)
Changelog:
- v2: fixed return code of cg_chmod_recursive_controller when fts_read fails
- v3: fixed error code when malloc fails
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-By: Ivana Hutarova Varekova <varekova@redhat.com>
Dhaval Giani [Fri, 27 May 2011 06:36:19 +0000 (08:36 +0200)]
cgconfig: Do not touch subsystems not mounted by cgconfig
In its failure path, cgconfig should only touch the subsystems
it had something to do with. Currently, it unmounts all the
subsystems in the config file. Correct this.
Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-By: Ivana Hutarova Varekova <varekova@redhat.com>