Glauber Costa [Fri, 27 Jul 2012 10:55:55 +0000 (12:55 +0200)]
Fix cgroup_modify_cgroup gratuitous failure
Around one year ago, the following was reported:
http://comments.gmane.org/gmane.comp.lib.libcg.devel/3116 (Error when
calling cgroup_modify_cgroup())
I ran into the very same error. Inspecting the code in libcg, it seemed
to me that the best thing to avoid that is to never attempt to write
something the user never wrote to.
That is because if the user actually tries to write to a read-only file,
we should yield an error, making skipping read-only a bad solution.
My solution is to add a field to the value structure indicating whether
or not it is dirty. That value will indicate whether or not an error in
the write-to-filesystem routine is considered fatal or not. Non-dirty
values will still be written, but their failures are not considered
fatal. cgroup_modify_cgroup then becomes a simple flusher, and the
problem goes away.
[ v2: Also mark dirty value writes using cgroup_set_value_* ]
[ v3: fail if write fails only for dirty values ]
Signed-off-by: Glauber Costa <glommer@parallels.com>
The present version of lscgroup trimmed "/" signs from the end of output
path.
The functionality was necessary because the cg_build_path function added
useless "/" characters to the path. This is fixed by the previous api
patch.
Moreover other unix commands (du, grep) leave the format of path as it
was added in input (with all typed "/" characters). Thus lscgroup should
not remove "/" which were added in command line.
Example
old version:
$ lscgroup memory://abc///
memory:/abc///
memory:/abc///gh
memory:/abc///def
$ lscgroup
cpuset:/
cpuset:/3
cg_build_path adds needless "/" character in cases when the input path
ends/starts with character "/" itself. This character is added now only
in cases it is wanted and it was not set.
Changelog
- incorporate Jan's feedback - fix typo in patch description, use snprintf instead of sprintf
- deal with the situation if directory name is empty as well
- move the path concatenation functionality to a separate function
In the present version of the testsuite the OPAQUE_HIERARCHY variable is ignored,
thus the testsuite is broken on systems where OPAQUE_HIERARCHY is nonempty. The patch fixes this problem.
CHANGELOG v1:
* use ^cgroup instead of cgroup in grep (otherwise it counts also tmpfs /sys/fs/cgroup)
* remove obsolete IS_OPAQUE variable
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Acked-By: Jan Safranek <jsafrane@redhat.com>
From: Ivana Hutarova Varekova <varekova@redhat.com>
lscgroup: fix path name trimming
The lscgroup tool in the display_controller_data procedure trimmed the relative path
name too strictly, thus if the path has no leading "/" sign then the first
character was trimmed too.
More precisely the relative path is taken from the full path - path to the
controller root and relative path given on command line (with all
characters "/") + character "/" at the end of path. The length of the suffix
which describes the relative path is counted from the trimmed relative path given on
command line (without characters "/" at the beginning and at the end).
The same relative path has to be used in both cases, with -1 to the
length.
CHANGELOG v1:
* more detailed description
* fix the problem with "/" sign at the end of path too
EXAMPLE
without the patch:
$ lscgroup freezer:libvirt
freezer:/ibvirt/
freezer:/ibvirt/lxc
freezer:/ibvirt/qemu
with the patch:
$ lscgroup freezer:libvirt
freezer:/libvirt/
freezer:/libvirt/lxc
freezer:/libvirt/qemu
This patch fixes the problem.
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Acked-By: Jan Safranek <jsafrane@redhat.com>
Jan Safranek [Thu, 15 Dec 2011 13:55:51 +0000 (14:55 +0100)]
Libcgroup: added cgconfig.service unit for systemd.
The cgconfig.service unit file should create all groups in
/etc/cgconfig.conf and (if not overridden in the config file) with sticky
bit on their tasks file. On service stop, only control groups specified in the
config file are cleared and only if they are empty (i.e. no subgroups and no
processes inside).
Please review carefully, especially the ordering. I want the service to
start as early as possible, but not before local filesystem is ready.
Jan Safranek [Thu, 15 Dec 2011 13:55:43 +0000 (14:55 +0100)]
libcgroup: Added README_systemd file.
New documentation file is added. It should describe how systemd and
libcgroup should work together and how to configure a system to have
control groups created by libcgroup's cgconfig service.
I'm going to install this README into /usr/share/doc/libcgroup-*/.
I know I am not Shakespeare and also English is not my mother language, feel
free to comment also the style and grammar. Missing/wrong articles is my
speciality :).
Changelog:
- updated with review remarks from Martin Prpic and Kevin Constantine
Jan Safranek [Fri, 9 Dec 2011 14:04:33 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Added new parameter for tasks file permissions.
So far cgcreate and cgconfigparser have -f option, which sets permissions
of all files in a group, incl. tasks file. Since we need to put sticky bit
on the tasks file for systemd, this patch adds -s option for this purpose.
Jan Safranek [Fri, 9 Dec 2011 14:04:24 +0000 (15:04 +0100)]
cgcreate, cgconfigparser: Fixed permissions when only one of '-f' and '-d' is set.
When only one of '-f' and '-d' is set, the other is set automatically to
zero and nobody then has the rights to read/modify a group or group's
parameters.
Jan Safranek [Tue, 6 Dec 2011 15:06:58 +0000 (16:06 +0100)]
cgclear: fixed exit code with -e option
cgclear -e is supposed to clear only empty groups. This works fine, but
when a non-empty group is being cleared, cgclear displays an error and
returns nonzero exit code.
It should be silent and return zero exit code, because stumbling upon a
nonempty group is perfectly fine and not an error.
With cgroup_config_set_default() an application can set default permissions
of groups and files created by cgroup_config_load_config(). See the
documentation of the function.
Jan Safranek [Wed, 30 Nov 2011 14:42:29 +0000 (15:42 +0100)]
tools: Added parse_mode() and parse_uid_gid() to tools_common.c.
The parse_mode() function will be used by cgconfigparser, so move it there.
In addition, the cgconfigparser will need uid:gid parsing routines from
cgcreate.c, so move it to common code as well.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:42:08 +0000 (15:42 +0100)]
cgconfigparser: Allow SUID and SGID permissions in 'fperm' and 'dperm' options.
libcgroup should allow SUID, SGID or sticky bit to be set either in
cgconfig.conf file or in API calls. Especially the sticky bit can be useful for
cooperation with systemd.
Jan Safranek [Wed, 30 Nov 2011 14:42:01 +0000 (15:42 +0100)]
cgconfigparser: Add 'default' section.
'default' section in cgconfig.conf file describes default owner and
permissions of group's control and task files. Using the 'default' section,
the common permissions can be specified only once per config file instead
of defining it separately for each group.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Acked-by: Dhaval Giani <dhaval.giani@gmail.com>
Jan Safranek [Wed, 30 Nov 2011 14:41:53 +0000 (15:41 +0100)]
libcgroup: Define NO_UID_GID.
Group control or task file owner should have UID/GID set to NO_UID_GID to
distinguish permissions which were set in config file from undefined
values. In the end, NO_UID_GID is translated to UID/GID 0, so users
won't see any difference.
This will allow subsequent patches to set default owners of files/directories if
the group definition itself did not contain perm {} section.
Jan Safranek [Thu, 3 Nov 2011 09:50:11 +0000 (10:50 +0100)]
tests: Added cgconfig tests
There are two tests:
- cgclear_config_one - tests cgclear with one config file, incl. several error
cases
- cgclear_config_multi - tests cgclear with multiple config files, not so
many error cases here
Jan Safranek [Fri, 23 Sep 2011 11:53:33 +0000 (13:53 +0200)]
cgclear: delete cgroups from config file
cgclear should be able to 'unload' cgroups (and mounts) as specified in
given config file - as exact opposite of cgconfigparser.
This patch adds new options '-c <config_file>' and '-C <directory with config
files>' just for this purpose. These options can be specified multiple times.
Jan Safranek [Fri, 23 Sep 2011 11:53:13 +0000 (13:53 +0200)]
libcgroup: free global config_cgroup_table
To be able to call the cgroup_parse_config() several times without memory
leaks, its callers should free the memory it allocates when they don't need
it.
Jan Safranek [Fri, 23 Sep 2011 11:53:06 +0000 (13:53 +0200)]
libcgroup: allow parsing to be called several times
cgroup_parse_config() should properly initialize its global variables, so
it can be called several times safely, i.e. several config files can be
parsed in sequence. The call to cgroup_parse_config() *rewrites* previous
result, it does not *add* new groups/mounts to global tables.
Jan Safranek [Fri, 23 Sep 2011 11:52:59 +0000 (13:52 +0200)]
libcgroup: the library can be re-initialized by cgroup_init()
cgroup_init() can be called several times in sequence. New call completely
rewrites old data, i.e. things that were unmounted between two
cgroup_init() calls disappear and new mount points show up.
Jan Safranek [Fri, 23 Sep 2011 11:52:46 +0000 (13:52 +0200)]
libcgroup: added new flag to cgroup_delete_cgroup_ext to delete only empty groups
New flag CGFLAG_DELETE_EMPTY_ONLY tells cgroup_delete_cgroup_ext that the
group being deleted must be empty, i.e. have no subgroups and no tasks
inside.
Jan Safranek [Tue, 27 Sep 2011 06:50:09 +0000 (08:50 +0200)]
libcgroup: ignore 'tasks' file when changing permission of control files
When cgroup_create_cgroup() is called with different control_fperm and
task_fperm, libcgroup first changes permissions of *all* files to match
the control_fperm, which also includes the tasks file, and it might
lose some permission bits. The tasks file is then modulated by
control_fperm, but because of the umask-style of control_fperm, it might get
lower permissions than users would expect.
Therefore 'tasks' file must be skipped when using control_fperm.
Changelog since v1:
- use list of ignored files, cg_chmod_recursive_controller is called from
cg_chmod_recursive, which should chmod all files, incl. 'tasks'.
Changelog since v2:
- renamed the list with ignored files.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
fts_read can return NULL in two cases. Either when we have visited all
files in the hierarchy (when errno is set to 0) or when an error
occurred. We shouldn't set an error code in the first case obviously.
Changelog since v1:
- updated log message
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Reviewed-by: Michal Hocko <mhocko@suse.cz>
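The distinction drawn in the commit message above between the two NULL returns of fts_read, as an added C example (not code from libcgroup or from this commit). walk_count() and demo_tree_count() are hypothetical names, and the directory tree is constructed for the demo:

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* walk_count (hypothetical name): count regular files; 0 = full walk, else errno */
int walk_count(const char *root, int *count)
{
    char *paths[] = { (char *)root, NULL };
    FTS *fts = fts_open(paths, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    int err = 0;
    *count = 0;
    if (fts == NULL) return errno;
    for (;;) {
        errno = 0;                 /* a stale errno must not look like a failure */
        FTSENT *ent = fts_read(fts);
        if (ent == NULL) {
            err = errno;           /* 0: hierarchy exhausted; nonzero: real error */
            break;
        }
        if (ent->fts_info == FTS_ERR || ent->fts_info == FTS_DNR ||
            ent->fts_info == FTS_NS) {
            err = ent->fts_errno;  /* per-entry failures carry their own errno */
            break;
        }
        if (ent->fts_info == FTS_F) (*count)++;
    }
    fts_close(fts);
    return err;
}

/* Build a constructed tree (file "a" and file "sub/b") in /tmp and walk it. */
int demo_tree_count(void)
{
    char dir[] = "/tmp/fts_demo_XXXXXX", path[64];
    int count = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/a", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    snprintf(path, sizeof(path), "%s/sub", dir);
    mkdir(path, 0700);
    snprintf(path, sizeof(path), "%s/sub/b", dir);
    close(open(path, O_CREAT | O_WRONLY, 0600));
    return walk_count(dir, &count) == 0 ? count : -1;
}
int main(void) { printf("files: %d\n", demo_tree_count()); return 0; }
```

The demo leaves its temporary directory in /tmp; a missing root is reported through the FTS_NS entry rather than through a NULL return.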
Jan Safranek [Mon, 22 Aug 2011 08:48:58 +0000 (10:48 +0200)]
cgrulesengd: Fixed processing of symlinked executables.
When an executable is symlinked and the symlink is executed,
/proc/PID/status contains name of the symlink, while /proc/PID/exe points
to the real executable name. cgrulesengd considered this case as error and
did not trigger any rule for this exec().
With this patch, cgrulesengd uses name of /proc/PID/exe as the executable
in this case.
Jan Safranek [Wed, 24 Aug 2011 09:41:26 +0000 (11:41 +0200)]
lssubsys: Fixed file descriptor leak on error enumerating controllers.
Close the iterator when cgroup_get_all_controller_next fails. I've
rewritten the loop to have one error check for both
cgroup_get_all_controller_begin and cgroup_get_all_controller_end.
Jan Safranek [Wed, 24 Aug 2011 09:40:13 +0000 (11:40 +0200)]
cgconfigparser: Made YY_FATAL_ERROR really fatal when parsing cgconfig.conf
The error macro should stop all processing, otherwise some NULL pointers might
get dereferenced (e.g. lex.c:1323). It uses setjmp/longjmp to return from
depths of the bison/lex routines. As an obvious consequence, all memory allocated
in the parsers is lost and is never freed. Still, it should be better than
exit() I proposed before.
Peter Schiffer [Wed, 13 Jul 2011 12:50:41 +0000 (14:50 +0200)]
Fixed a few findings from Coverity scan
In function cgroup_parse_rules() added missing check for getpwuid() result.
In cgroup_get_procs() added missing fclose() on file descriptor.
In load_list() added missing fclose() on file descriptor.
Signed-off-by: Peter Schiffer <pschiffe@redhat.com>
Signed-off-by: Jan Safranek <jsafrane@redhat.com>