Jan Safranek [Wed, 24 Aug 2011 09:40:13 +0000 (11:40 +0200)]
cgconfigparser: Made YY_FATAL_ERROR really fatal when parsing cgconfig.conf
The error macro should stop all processing, otherwise some NULL pointers might
get dereferenced (e.g. lex.c:1323). It uses setjmp/longjmp to return from
depths of the bison/lex routines. As obvious consequence, all memory allocated
in the parsers is lost and is never freed. Still, it should be better than
exit() I proposed before.
Peter Schiffer [Wed, 13 Jul 2011 12:50:41 +0000 (14:50 +0200)]
Fixed few findings from Coverity scan
In function cgroup_parse_rules() added missing check for getpwuid() result.
In cgroup_get_procs() added missing fclose() on file descriptor.
In load_list() added missing fclose() on file descriptor.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
There is no general rule on which permissions make sense for files in
different subsystems. Nevertheless the kernel creates those files with
the maximum allowed permissions for owner so we should use its part as
an umask for group and others permissions as well.
This means that if we specify 777 for file_mode we will end up having
same permissions as owner whatever they are.
The primary intelligence is implemented in cg_chmod_path function which
takes an argument which says whether user permissions should be used
as a template.
This patch adds and exports cgroup_set_permissions which sets
permissions for control and task files into the cgroup descriptor
and cgroup_create_cgroup does the rest.
Example:
/etc/cgconfig.conf:
mount {
cpu = /cgroup/cpuctl/;
}
Michal Hocko [Wed, 15 Jun 2011 15:23:47 +0000 (17:23 +0200)]
cgconfig: enable setting file permissions
We cannot setup file or directory permissions in (/etc/cgconfig.conf)
configuration file while we can do this with available tools.
This patch adds new two options fperm, dperm.
Task section supports only fperm, because there are no directories
involved while admin section supports both of them.
$ tools/cgconfigparser -l /etc/cgconfig.conf
$ ls -la /dev/cpuctl/devel/
total 0
drwxrwxr-x 2 root cgroup 0 May 13 15:22 .
drwxr-xr-x 3 root root 0 May 13 15:22 ..
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cgroup.clone_children
--w--w--w- 1 root cgroup 0 May 13 15:22 cgroup.event_control
-r--r--r-- 1 root cgroup 0 May 13 15:22 cgroup.procs
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_period_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.rt_runtime_us
-rw-r--r-- 1 root cgroup 0 May 13 15:22 cpu.shares
-rw-r--r-- 1 root cgroup 0 May 13 15:22 notify_on_release
-rw-rw---- 1 root cgroup 0 May 13 15:22 tasks
This patch enhances parser callbacks to initialize cgroup->task_fperm
and cgroup->control_[fd]perm and forces chmod at general
cgroup_create_cgroup level. This is safe because everybody who uses
cgroup has those values initialized to -1 unless they are set and then
they should be used.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Michal Hocko [Wed, 15 Jun 2011 15:23:39 +0000 (17:23 +0200)]
Add file and directory permissions into cgroup
Let's add file permission for tasks and file and directory permissions
for control files into cgroup so that we can add them into configuration
files.
Permissions are initialized to NO_PERMS (unsigned -1 which doesn't
represent any valid permissions) to reflect that no value is set. Let's
also add a common initialization functions for both cgroup table and
single cgroup.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
cg_build_path: use max FILENAME_MAX characters for array in 2nd parameter
The function cg_build_path is internal now. All calls of it (there is one
exception - cgroup_fill_cgc function which uses FILENAME_MAX+1, fixed now too)
have the limited second parameter buffer to FILENAME_MAX.
cg_build_path copies to this buffer, but there was no limitation of the size of the copied buffer.
This is fixed in the patch.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Jan Safranek [Wed, 1 Jun 2011 09:10:51 +0000 (11:10 +0200)]
Fixed cg_chmod_recursive
The function changes permissions only in the first hierarchy, but it should
change it in all of them.
Reproducer:
1) have cpuacct and freezer mounted separately, i.e.:
$ lssubsys -m
cpuacct /sys/fs/cgroup/cpuacct
freezer /sys/fs/cgroup/freezer
2) create a group with specific permissions:
$ cgcreate -f 700 -g freezer,cpuacct:/test
Result:
$ ls -la /sys/fs/cgroup/freezer/test/
-rwx------. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.clone_children
-rwx------. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.event_control
(-> first controller is fine)
$ ls -la /sys/fs/cgroup/cpuacct/test/
-rw-r--r--. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.clone_children
--w--w--w-. 1 jsafrane jsafrane 0 May 31 09:16 cgroup.event_control
(-> second controller is wrong, it should be -rwx------)
Changelog:
- v2: fixed return code of cg_chmod_recursive_controller when fts_read fails
- v3: fixed error code when malloc fails
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-By: Ivana Hutarova Varekova <varekova@redhat.com>
Dhaval Giani [Fri, 27 May 2011 06:36:19 +0000 (08:36 +0200)]
cgconfig: Do not touch subsystems not mounted by cgconfig
In its failure path, cgconfig should only touch the subsystems
it had something to do with. Currently, it unmounts all the
subsystems in the config file. Correct this.
Signed-off-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-By: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Fri, 20 May 2011 13:52:58 +0000 (15:52 +0200)]
Fixed cgconfigparser to allow configs with no 'mount' section
cgconfig service fails when something else mounts cgroup hierarchies during
boot (e.g. systemd). Therefore we should allow cgconfig.conf to have no
'mount' section -> it's up to admin to ensure that controllers are mounted as
needed.
Because 'group' section is already optional, with this patch cgconfigparser
will accept empty configuration file. This is probably the best default
config for distros with systemd.
Changelog:
- fixed case with empty config file and no mounted controllers
- reworked the if conditions to be more clear
pathtest(.sh) is not run in the current makefile and it does not work
properly, so there is no reason to add it there. This patch removes
pathtest from git.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
new version:
$ cgget -h
Usage: cgget [-nv] [-r <name>] [-g <controller>] [-a] <path> ...
or: cgget [-nv] [-r <name>] -g <controller>:<path> ...
Print parameter(s) of given group(s).
-a, --all Print info about all relevant controllers
-g <controller> Controller which info should be displaied
-g <controller>:<path> Control group whih info should be displaied
-h, --help Display this help
-n Do not print headers
-r, --variable <name> Define parameter to display
-v, --values-only Print only values, not parameter names
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
cgget: add the possibility to use -g <controllers>:<path>
Most of the tools use <controllers>:<path> together with -g option,
this patch adds this version of usage of -g option to cgget tool
Older have the possibility to use -g in form -g <controller> <path>.
fix several problems in lssubsys output
* not consistent output with and without -i option
* without this option lssubsys ignore multiple hierarchies on one mount
point
* lssubsys -i without -a does not show the hierarchy number
Jan Safranek [Wed, 6 Apr 2011 06:37:52 +0000 (08:37 +0200)]
Added tests for hierarchies mounted several times.
Two new tests:
- Test cgsnapshot, cgconfigparser and lssubsys with hierarchies mounted
several times.
- Test all the above with *named* hierarchies mounted several times +
also with named hierarchy with ordinary controllers.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Wed, 6 Apr 2011 06:37:45 +0000 (08:37 +0200)]
Added support for named hierarchies to cgconfigparser.
Add the missing parts to make cgconfigparser able to mount named
hierarchies. It must add 'none' option to mount opts for mount without real
controller and with 'name=xxx' only, the rest (surprisingly) works out of the
box, only quoting needs special care.
Following cgconfig.conf is usable with the patch:
mount {
"name=test" = /cgroup/test;
"name=testwithcpu" = /cgroup/cpu;
cpu = /cgroup/cpu;
}
group foo {
"name=test" { }
"name=testwithcpu" { }
cpu { cpu.shares = 1024; }
}
Jan Safranek [Wed, 6 Apr 2011 06:37:38 +0000 (08:37 +0200)]
Enhanced cgsnapshot to print named hierarchies.
cgsnapshot should show named hierarchies in 'mount' section. It already shows
their groups in 'group' sections and the output should be consistent.
And take care of quotes in the output, '=' is not valid character in controller
name unless it is in double quotes.
Example:
$ mount -t cgroup -o none,name=hello none /cgroup/named
$ mount -t cgroup -o cpuacct,name=cputest none /cgroup/cpuacct
$ cgsnapshot
Jan Safranek [Wed, 6 Apr 2011 06:37:25 +0000 (08:37 +0200)]
Added -M option to lssubsys to show multiple mount points of hierarchies.
Now libcgroup is aware of hierarchies and all its mount points, let's
extend lssubsys to show them. The patch also renames few variables to be
descriptive, 'name' is not name of controller, it's list of controllers.
Now (and also with the patch, '-m' works the same):
$ lssubsys -m
cpuset,cpuacct /cgroup/cpu
memory /cgroup/memory
With the patch:
$ lssubsys -M
cpuset,cpuacct /cgroup/cpu
cpuset,cpuacct /cgroup/cpu2
memory /cgroup/memory
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Wed, 6 Apr 2011 06:37:11 +0000 (08:37 +0200)]
Added iterators to go through all mount points of a hierarchy.
Add new iterators, which return all mount points of given hierarchy. The order
of the mount points is the same as in /proc/mounts. The first returned mount
point is the same as cgroup_get_subsys_mount_point().
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Wed, 6 Apr 2011 06:37:04 +0000 (08:37 +0200)]
Fixed libcgroup to be aware of hierarchies mounted multiple times.
Current libcgroup design handles each hierarchy only once. If a hierarchy
is mounted twice or more times, only the first mount point is taken into
account and the others are 'invisible' to libcgroup.
This causes cgsnapshot and lssubsys to show only one mount point for a
hierarchy and especially in case of cgsnapshot it's not what user expects.
The patch below adds a list of all mount points to cg_mount_table_s structure.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Wed, 6 Apr 2011 06:36:58 +0000 (08:36 +0200)]
Fixed parsing of mount options
hasmntopt() returns start of the matching string, i.e. when looking for
'cpuacct' option it can return 'cpuacct,cpuset' if these two are mounted
together. So, don't use result of this function, use internal table of
controllers instead when checking for duplicates.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Tue, 5 Apr 2011 06:22:32 +0000 (08:22 +0200)]
Fixed cgrules.conf restore in testenv.sh
The testenv.sh backs up and restores /etc/cgrules.conf. But when there is
no /etc/cgrules.conf when the test starts, the file is not removed when the
test ends.
Changelog:
- redirected 'rm' output to /dev/null
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Tue, 5 Apr 2011 06:22:07 +0000 (08:22 +0200)]
Added tests for cgclassify tool
Various tests for cgclassify tool, including error cases and testing with
/etc/cgrules.conf. The tests will produce error messages to output, but it's
expected, reaction of cgclassify to wrong input is being tested as well.
Changelog: nothing since v1
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Ivana Hutarova Varekova <varekova@redhat.com>
Jan Safranek [Fri, 4 Mar 2011 11:22:31 +0000 (12:22 +0100)]
Fix configure --enable-debug
I've noticed that the debugging info is compiled in even if --disable-debug
is provided. Following patch adds explicit check that --enable-debug or
--enable-debug=yes is provided to configure script.
This script tests the examples 1-4 from cgconfig.conf man pages - for each one tests whether the configuration which is created using described configuration file is identical with the example described below
changelog:
* variables renamed
* added conf files to Makefile.am
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
changelog:
* test moved to separate subdirectory tools
changelog v2:
* set the directory in makefile
* add CONFIGDIR variable
This patch create general functions and variables (made by Jan Safranek):
functions:
die:
# Print an error message and exit
# Usage:
# cgclear || die "cgclear failed"
cleanup()
# Clear everything that was created at loading this script, i.e.
# remove the temporary directory
# Usage:
# cleanup
prepare_config
# Copies a file to $TMP and replaces all occurrences of TMP in the file with
# value of $TMP. The function prints the name of the new file to its std.
# output.
#
# Usage:
# cgconfigparser -l `prepare_config config/sample.conf`
Jan Safranek [Fri, 4 Mar 2011 11:06:37 +0000 (12:06 +0100)]
Fix cgclear to continue unmounting on error
Currently when the cgclear stumbles upon a mount point which cannot be
removed it exits immediately. IMHO it should continue clearing the rest
and unmount as much as possible.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jiri Slaby [Mon, 28 Feb 2011 16:39:59 +0000 (17:39 +0100)]
configure.in: fix autoconf error
Autoconf expects an email in AC_INIT, otherwise it screams:
configure.in:18: warning: AC_INIT: not a literal: http://sourceforge.net/tracker/?group_id=218421&atid=1043649
Remove the URL, "/" and "&" are not allowed there.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Jiri Slaby [Mon, 28 Feb 2011 16:39:58 +0000 (17:39 +0100)]
scripts/init.d: little cleanup cgred.in
Merge most of suse changes into these scripts to lower the maintenance
burden for us:
* define lockfile and use all over the code
* RETVAL should be used only in the big switch
* use quotes in some places
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Nelson Elhage [Fri, 18 Feb 2011 01:55:12 +0000 (20:55 -0500)]
cgrulesengd: Ignore netlink messages that don't come from the kernel.
recvfrom() returns the address, it doesn't filter the packet based on the
sender. We need to explicitly check the received address after the call happens.
Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
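The sender check that the commit message above describes, as an added example that is not the commit's own code: recvfrom() only reports the source address, so the caller has to test it, and on netlink the kernel is the sender whose port id (nl_pid) is 0. The function names and the constructed addresses in demo_check() are assumptions for illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* 1 if the address recvfrom() filled in names the kernel as sender:
 * a complete sockaddr_nl, family AF_NETLINK, port id (nl_pid) 0. */
int nl_sender_is_kernel(const struct sockaddr_nl *from, socklen_t from_len)
{
    if (from_len != sizeof(*from))
        return 0;
    if (from->nl_family != AF_NETLINK)
        return 0;
    return from->nl_pid == 0;
}

/* Hypothetical wrapper (name is an assumption): receive one datagram and
 * keep it only if the kernel sent it.
 * Returns the byte count, -1 on recvfrom() error, -2 if dropped. */
ssize_t recv_from_kernel(int fd, void *buf, size_t len)
{
    struct sockaddr_nl from;
    socklen_t from_len = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    n = recvfrom(fd, buf, len, 0, (struct sockaddr *)&from, &from_len);
    if (n < 0)
        return -1;
    if (!nl_sender_is_kernel(&from, from_len))
        return -2;      /* came from another process: ignore it */
    return n;
}

/* Builds a constructed source address and runs the check on it. */
int demo_check(unsigned int pid, unsigned short family, socklen_t len)
{
    struct sockaddr_nl a;

    memset(&a, 0, sizeof(a));
    a.nl_family = family;
    a.nl_pid = pid;
    return nl_sender_is_kernel(&a, len);
}
```

A daemon's receive loop would treat -2 as "skip and keep reading" rather than as an error.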
Ken'ichi Ohmichi [Thu, 10 Feb 2011 04:41:58 +0000 (13:41 +0900)]
Make --sticky option effective when setuid(2) and setgid(2)
A cgrulesengd daemon did not check whether a stickied process or when
setuid(2)/setgid(2) happens, and the daemon moved the process based on
/etc/cgrules.conf.
So --sticky option was not effective when setuid(2)/setgid(2).
This patch makes --sticky effective when setuid(2) and setgid(2) also.
Balbir Singh [Sun, 2 Jan 2011 10:03:32 +0000 (15:33 +0530)]
Add bindings for python
The added bindings depend on swig and hence are disabled by
default. If you know what you are doing, enable the bindings
for python. To test the bindings, ensure _libcgroup.so
is copied in the same directory as libcgroup.py. There after
libcgroup API's can be invoked from python.
Please use --enable-bindings after installing swig to compile
with the changes
Jiri Slaby [Tue, 4 Jan 2011 16:56:40 +0000 (17:56 +0100)]
[PATCH 3/3] config: fix segfault in cgconfigparser
We now get:
Program received signal SIGSEGV, Segmentation fault.
cgroup_add_controller (cgroup=0x7ffff7f86010, name=0x606300 "cpuacct") at wrapper.c:70
70 cgroup->controller[cgroup->index] = controller;
(gdb) where
0 cgroup_add_controller (cgroup=0x7ffff7f86010, name=0x606300 "cpuacct") at wrapper.c:70
1 0x00007ffff79806d4 in cgroup_config_parse_controller_options (controller=0x606300 "cpuacct", values=0x6085b0)
at config.c:135
2 0x00007ffff79793ec in yyparse () at parse.y:97
3 0x00007ffff7980ee1 in cgroup_config_load_config (pathname=<value optimized out>) at config.c:667
4 0x00000000004009f4 in main (argc=3, argv=0x7fffffffdf08) at cgconfig.c:67
It's because cgroup structure is uninitialized. Especially its member
index is not and later we access cgroup->controller[cgroup->index]
with cgroup->index negative and kaboom, we explode.
Jiri Slaby [Tue, 4 Jan 2011 16:56:39 +0000 (17:56 +0100)]
[PATCH 2/3] cgsnapshot: fix strn* lengths
The 'n' parameter in strncat stands for how much to copy from src, not
what's dest overall space. So we need to subtract full strlen we have
constructed so far.
Also fix one strncpy where we may pass too much as well as in strncpy.
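The strncat length rule from the commit message above, worked through as an added example that is not code from the patch: strncat_end() computes how far a call writes, and append_bounded() passes the remaining space instead of the total size. Both function names and the 16-byte sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Bytes of dst's buffer that strncat(dst, src, n) ends up using: the text
 * already there, at most n bytes of src, and the terminating NUL. */
size_t strncat_end(size_t dst_len, size_t src_len, size_t n)
{
    size_t copied = src_len < n ? src_len : n;
    return dst_len + copied + 1;
}

/* Bounded append: n is the space still free in dst, not dst's total size.
 * Returns 0 on success, -1 if src was truncated or dst has no NUL
 * within dst_size bytes. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    size_t used, room;

    if (end == NULL)
        return -1;                  /* unterminated: refuse to append */
    used = (size_t)(end - dst);
    room = dst_size - used - 1;     /* keep one byte for the NUL */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Constructed case: 10 characters already in a 16-byte buffer, 12 more
 * offered. The append is cut to the 5 bytes that fit and reported. */
int demo_truncates(void)
{
    char buf[16] = "/cgroup/cp";
    int rc = append_bounded(buf, sizeof(buf), "u/devel/test");
    return rc == -1 && strcmp(buf, "/cgroup/cpu/dev") == 0;
}

/* Constructed case: the source fits, so nothing is lost. */
int demo_fits(void)
{
    char buf[16] = "/cgroup/";
    int rc = append_bounded(buf, sizeof(buf), "cpu");
    return rc == 0 && strcmp(buf, "/cgroup/cpu") == 0;
}
```

With 10 bytes used in a 16-byte buffer and a 10-byte source, strncat_end(10, 10, 16) is 21, five bytes past the end, while strncat_end(10, 10, 5) is exactly 16.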
When one passes no input to the parser, it spits out:
Cannot have mount and namespace keyword in the same configuration file
It's wrong, because we have none of them. So change it to:
Either mount or namespace keyword has to be specified in the configuration file
cgred.in: fix return value start()/stop() function's
Now cgred script can't return proper value. Because
stop()/start() functions return result of if [] when failing,
and result of wrong commands when succeeding.
So fix this.
Signed-off-by: Masaki Tachibana <tachibana@mxm.nes.nec.co.jp>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Ciju Rajan K [Wed, 15 Dec 2010 11:19:23 +0000 (16:49 +0530)]
When we invoke cgroup_get_cgroup() to get the cgroup meta data, the
admin_id and admin_gid are not displayed correctly. This is because
cgroup_fill_cgc() does not differentiate between the cgroup control
files and tasks file. So cgroup->control_uid and cgroup->control_gid
fields are getting populated with the uid and gid of tasks file.
This patch fixes this problem by adding a check in the cgroup_fill_cgc()
function to see if the file is a 'tasks' file or not.
Changes from v1.0:
* Instead of using strstr() using pointer arithmetic to get the last six
characters of the entire path
* Fixed the problem of dealing *tasks* string as part of directory names
Signed-off-by: Ciju Rajan K <ciju@linux.vnet.ibm.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>