-diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c
---- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100
-+++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100
-@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group(
- if (group_name == NULL) {
- ret = ECGOTHER;
- last_errno = errno;
-- free(template_name);
- goto end;
- }
-
-diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
---- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100
-+++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100
-@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty
+diff --git a/src/config.c b/src/config.c
+index 3ffa263..b5d51b3 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -326,7 +326,7 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
long val = atoi(value);
char buffer[CGROUP_BUFFER_LEN];
struct cgroup *config_cgroup;
switch (flag) {
case CGROUP:
-@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty
+@@ -370,10 +370,10 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
if (!group)
goto group_task_error;
free(group);
goto group_task_error;
}
-@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t
+@@ -439,7 +439,7 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
struct cgroup *config_cgroup;
long val = atoi(value);
char buffer[CGROUP_BUFFER_LEN];
switch (flag) {
case CGROUP:
-@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t
+@@ -482,10 +482,10 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
if (!group)
goto admin_error;
free(group);
goto admin_error;
}
-diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c
---- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100
-+++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100
-@@ -646,7 +646,7 @@ close:
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index 4cef53e..90920d1 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -654,7 +654,7 @@ close:
static int cgre_create_netlink_socket_process_msg(void)
{
struct sockaddr_nl my_nla;
char buff[BUFF_SIZE];
int rc = -1;
-@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr
- }
-
- close_and_exit:
-- if (sk_nl > 0)
-+ if (sk_nl > -1)
- close(sk_nl);
-- if (sk_unix > 0)
-+ if (sk_unix > -1)
- close(sk_unix);
- return rc;
- }
-diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c
---- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200
-+++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100
-@@ -97,11 +97,11 @@ static int display_controller_data(char
+diff --git a/src/tools/lscgroup.c b/src/tools/lscgroup.c
+index bfb1724..d15a0c2 100644
+--- a/src/tools/lscgroup.c
++++ b/src/tools/lscgroup.c
+@@ -96,11 +96,11 @@ static int display_controller_data(char *input_path, char *controller, char *nam
if (ret != 0)
return ret;
-diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c
---- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100
-+++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100
-@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s
+diff --git a/src/api.c b/src/api.c
+index 54a6736..1557393 100644
+--- a/src/api.c
++++ b/src/api.c
+@@ -2482,29 +2482,29 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
const char *file, char **value)
{
char path[FILENAME_MAX];
+ if (ctrl_file < 0)
return ECGROUPVALUENOTEXIST;
- *value = calloc(CG_VALUE_MAX, 1);
+ *value = calloc(CG_CONTROL_VALUE_MAX, 1);
if (!*value) {
- fclose(ctrl_file);
+ close(ctrl_file);
+ * using %as or fread crashes when we try to read from files like
* memory.stat
*/
-- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file);
-+ ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
+- ret = fread(*value, 1, CG_CONTROL_VALUE_MAX-1, ctrl_file);
++ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
if (ret < 0) {
free(*value);
*value = NULL;
-@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s
+@@ -2514,7 +2514,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
(*value)[ret-1] = '\0';
}
+++ /dev/null
-From 94e9dcead2e8bce00deeef08ea364ec6dc7e1f45 Mon Sep 17 00:00:00 2001
-From: Michal Hocko <mhocko@suse.com>
-Date: Wed, 18 Jul 2018 11:24:29 +0200
-Subject: [PATCH] cgrulesengd: remove umask(0)
-
-One of our partners has noticed that cgred daemon is creating a log file
-(/var/log/cgred) with too wide permissions (0666) and that is seen as
-a security bug because an untrusted user can write to otherwise
-restricted area. CVE-2018-14348 has been assigned to this issue.
-
-Signed-off-by: Michal Hocko <mhocko@suse.com>
-Acked-by: Balbir Singh <bsingharora@gmail.com>
----
- src/daemon/cgrulesengd.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
-index 170837a..41aadd4 100644
---- a/src/daemon/cgrulesengd.c
-+++ b/src/daemon/cgrulesengd.c
-@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf,
- } else if (pid > 0) {
- exit(EXIT_SUCCESS);
- }
--
-- /* Change the file mode mask. */
-- umask(0);
- } else {
- flog(LOG_DEBUG, "Not using daemon mode\n");
- pid = getpid();
---
-2.17.1
-
+++ /dev/null
-From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Fri, 8 Apr 2016 17:00:19 +0200
-Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by
- cgsnapshot
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Order of parameters usually doesn't matter, but that's not the case with
-memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter
-is first in the list of parameters, the resulting configuration is not
-loadable with cgconfigparser.
-
-This happens because when a cgroup is created, both memory.limit_in_bytes
-and memory.memsw.limit_in_bytes parameters are initialized to highest
-value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes
-must be always higher or equal to memory.limit_in_bytes, it's impossible
-to change its value first.
-
-Make sure that after constructing parameter list of memory subsystem,
-the mentioned parameters are in correct order.
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/src/api.c b/src/api.c
-index 0bf0615..f5da553 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup)
- }
- }
- closedir(dir);
-+
-+ if (! strcmp(cgc->name, "memory")) {
-+ /*
-+ * Make sure that memory.limit_in_bytes is placed before
-+ * memory.memsw.limit_in_bytes in the list of values
-+ */
-+ int memsw_limit = -1;
-+ int mem_limit = -1;
-+
-+ for (j = 0; j < cgc->index; j++) {
-+ if (! strcmp(cgc->values[j]->name,
-+ "memory.memsw.limit_in_bytes"))
-+ memsw_limit = j;
-+ else if (! strcmp(cgc->values[j]->name,
-+ "memory.limit_in_bytes"))
-+ mem_limit = j;
-+ }
-+
-+ if (memsw_limit >= 0 && memsw_limit < mem_limit) {
-+ struct control_value *val = cgc->values[memsw_limit];
-+ cgc->values[memsw_limit] = cgc->values[mem_limit];
-+ cgc->values[mem_limit] = val;
-+ }
-+ }
- }
-
- /* Check if the group really exists or not */
---
-2.4.11
-
+++ /dev/null
-From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Thu, 13 Oct 2016 13:42:30 +0200
-Subject: [PATCH] api.c: preserve dirty flag when copying controller values
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When setting cgroup parameters with cgset fails, no error is reported.
-This is caused by the fact that cgroup_copy_controller_values is not
-preserving dirty flags of the values, so it's making all errors
-considered non-fatal.
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/api.c b/src/api.c
-index 0bf0615..daf4ef0 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
- dst_val = dst->values[i];
- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
- strncpy(dst_val->name, src_val->name, FILENAME_MAX);
-+ dst_val->dirty = src_val->dirty;
- }
- err:
- return ret;
---
-2.7.4
-
+++ /dev/null
-From 691430206f1104b752b0e52386f317e639137788 Mon Sep 17 00:00:00 2001
-From: Jan Chaloupka <jchaloup@redhat.com>
-Date: Mon, 15 Sep 2014 13:29:39 +0200
-Subject: [PATCH] api.c: support for setting multiline values in control files
-
-As of now, libcgroup does not support multiline values setting from configuration files. i.e. values in a form:
-
-net_prio.ifpriomap="lo 7
-eth0 66
-eth1 5
-eth2 4
-eth3 3";
-
-Thus, setting of more network interfaces can not be done from configuration file. Or
-
-devices.allow="a *:* w
-c 8:* r";
-
-thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.:
-# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
-# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
-# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
-# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
-# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap
-
-This patch allows setting of multiline variables.
-
-How this support works:
-Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring).
-This implies change of fopen with open, fclose with close.
-There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting
-of " \t" will fail as write command returns -1. Thus administrator has to set correct
-multiline values.
-
-Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. Configuration file:
-
-# cat /etc/cgconfig.conf
-group testGroup {
- net_prio {
- net_prio.ifpriomap="lo 7
-eth0 66
-eth1 5
-eth2 4
-eth3 3";
- }
-}
-
-net_prio has to be created before:
-# modprobe netprio_cgroup
-# mkdir /sys/fs/cgroup/net_prio
-# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio
-
-Changelog:
- test of success of strdup call
- free str_val before return (str_val is changing in while cycle,
- thus str_start_val points to the start of str_val before while)
-
-Signed-off-by: Jan Chaloupka <jchaloup@redhat.com>
----
- src/api.c | 50 ++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 44 insertions(+), 6 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 5751b8f..d6c9d3a 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1495,13 +1495,18 @@ static int cg_create_control_group(const char *path)
- */
- static int cg_set_control_value(char *path, const char *val)
- {
-- FILE *control_file = NULL;
-+ int ctl_file;
-+ char *str_val;
-+ char *str_val_start;
-+ char *pos;
-+ size_t len;
-+
- if (!cg_test_mounted_fs())
- return ECGROUPNOTMOUNTED;
-
-- control_file = fopen(path, "r+e");
-+ ctl_file = open(path, O_RDWR | O_CLOEXEC);
-
-- if (!control_file) {
-+ if (ctl_file == -1) {
- if (errno == EPERM) {
- /*
- * We need to set the correct error value, does the
-@@ -1512,6 +1517,7 @@ static int cg_set_control_value(char *path, const char *val)
- */
- char *path_dir_end;
- char *tasks_path;
-+ FILE *control_file;
-
- path_dir_end = strrchr(path, '/');
- if (path_dir_end == NULL)
-@@ -1543,15 +1549,47 @@ static int cg_set_control_value(char *path, const char *val)
- return ECGROUPVALUENOTEXIST;
- }
-
-- if (fprintf(control_file, "%s", val) < 0) {
-+ /* Split the multiline value into lines. */
-+ /* One line is a special case of multiline value. */
-+ str_val = strdup(val);
-+ if (str_val == NULL) {
- last_errno = errno;
-- fclose(control_file);
-+ close(ctl_file);
- return ECGOTHER;
- }
-- if (fclose(control_file) < 0) {
-+
-+ str_val_start = str_val;
-+ pos = str_val;
-+
-+ do {
-+ str_val = pos;
-+ pos = strchr(str_val, '\n');
-+
-+ if (pos) {
-+ *pos = '\0';
-+ ++pos;
-+ }
-+
-+ len = strlen(str_val);
-+ if (len > 0) {
-+ if (write(ctl_file, str_val, len) == -1) {
-+ last_errno = errno;
-+ free(str_val_start);
-+ close(ctl_file);
-+ return ECGOTHER;
-+ }
-+ } else
-+ cgroup_warn("Warning: skipping empty line for %s\n",
-+ path);
-+ } while(pos);
-+
-+ if (close(ctl_file)) {
- last_errno = errno;
-+ free(str_val_start);
- return ECGOTHER;
- }
-+
-+ free(str_val_start);
- return 0;
- }
-
---
-1.9.3
-
+++ /dev/null
-From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Tue, 8 Dec 2015 16:53:41 +0100
-Subject: [PATCH 2/6] api.c: fix infinite loop
-
-If getgrnam or getpwuid functions failed, the program entered
-an infinite loop, because the rule pointer was never advanced.
-This is now fixed by updating the pointer before continuing
-to the next iteration.
----
- src/api.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index df90a6f..217d6c9 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid,
- /* Get the group data. */
- sp = &(rule->username[1]);
- grp = getgrnam(sp);
-- if (!grp)
-+ if (!grp) {
-+ rule = rule->next;
- continue;
-+ }
-
- /* Get the data for UID. */
- usr = getpwuid(uid);
-- if (!usr)
-+ if (!usr) {
-+ rule = rule->next;
- continue;
-+ }
-
- /* If UID is a member of group, we matched. */
- for (i = 0; grp->gr_mem[i]; i++) {
---
-2.17.0
-
+++ /dev/null
-From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Tue, 17 Apr 2018 13:33:03 +0200
-Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 51081b4..efde2d1 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
- uid = CGRULE_INVALID;
- gid = grp->gr_gid;
- } else {
-- cgroup_dbg("Warning: Entry for %s not"
-+ cgroup_warn("Warning: Entry for %s not"
- "found. Skipping rule on line"
- " %d.\n", itr, linenum);
- skipped = true;
-@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid,
- uid = pwd->pw_uid;
- gid = CGRULE_INVALID;
- } else {
-- cgroup_dbg("Warning: Entry for %s not"
-+ cgroup_warn("Warning: Entry for %s not"
- "found. Skipping rule on line"
- " %d.\n", user, linenum);
- skipped = true;
---
-2.17.0
-
+++ /dev/null
-From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001
-From: Jan Chaloupka <jchaloup@redhat.com>
-Date: Thu, 6 Feb 2014 11:43:18 +0100
-Subject: [PATCH] lex updated, additional '\' char for ID token
-
----
- libcgroup-0.41/src/lex.l | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l
-index 1b357db..d7bf575 100644
---- a/libcgroup-0.41/src/lex.l
-+++ b/libcgroup-0.41/src/lex.l
-@@ -43,7 +43,7 @@ jmp_buf parser_error_env;
- "namespace" {return NAMESPACE;}
- "template" {return TEMPLATE;}
- "default" {return DEFAULT;}
--[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;}
-+[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;}
- \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; }
- . {return yytext[0];}
- %%
---
-1.8.5.3
-
+++ /dev/null
-From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Wed, 22 Jun 2016 14:12:46 +0200
-Subject: [PATCH 3/6] api.c: fix potential buffer overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It is assumed that arguments read from /proc/<pid>/cmdline don't exceed
-buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's
-not always the case.
-
-Add check to prevent buffer overflow and discard the excessive part of
-an argument.
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/api.c b/src/api.c
-index 217d6c9..4d98081 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid,
-
- while (c != EOF) {
- c = fgetc(f);
-- if ((c != EOF) && (c != '\0')) {
-+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) {
- buf_pname[len] = c;
- len++;
- continue;
- }
- buf_pname[len] = '\0';
-
-+ if (len == FILENAME_MAX - 1)
-+ while ((c != EOF) && (c != '\0'))
-+ c = fgetc(f);
-+
- /*
- * The taken process name from /proc/<pid>/status is
- * shortened to 15 characters if it is over. So the
---
-2.17.0
-
+++ /dev/null
-From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Tue, 17 Apr 2018 13:54:38 +0200
-Subject: [PATCH 6/6] Increase maximal size of controller values
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Maximal length of a controller value is determined by CG_VALUE_MAX,
-which is equal to 100. That is not sufficient in some cases.
-
-Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API)
-and set it to 4096, which is usually equal to the amount of bytes that
-can be written to a sysctl file directly.
-
-Add warning message about exceeding the limit while parsing
-configuration file.
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 6 +++---
- src/libcgroup-internal.h | 5 ++++-
- src/tools/cgset.c | 4 ++--
- src/wrapper.c | 17 ++++++++++++-----
- 4 files changed, 21 insertions(+), 11 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index efde2d1..1cd30df 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst,
- }
-
- dst_val = dst->values[i];
-- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX);
-+ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX);
- strncpy(dst_val->name, src_val->name, FILENAME_MAX);
- dst_val->dirty = src_val->dirty;
- }
-@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- if (ctrl_file < 0)
- return ECGROUPVALUENOTEXIST;
-
-- *value = calloc(CG_VALUE_MAX, 1);
-+ *value = calloc(CG_CONTROL_VALUE_MAX, 1);
- if (!*value) {
- close(ctrl_file);
- last_errno = errno;
-@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- * using %as or fread crashes when we try to read from files like
- * memory.stat
- */
-- ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
-+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
- if (ret < 0) {
- free(*value);
- *value = NULL;
-diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h
-index 4c0f46c..3a8e336 100644
---- a/src/libcgroup-internal.h
-+++ b/src/libcgroup-internal.h
-@@ -32,6 +32,9 @@ __BEGIN_DECLS
- /* Estimated number of groups created */
- #define MAX_GROUP_ELEMENTS 128
-
-+/* Maximum length of a value */
-+#define CG_CONTROL_VALUE_MAX 4096
-+
- #define CG_NV_MAX 100
- #define CG_CONTROLLER_MAX 100
- /* Max number of mounted hierarchies. Event if one controller is mounted per
-@@ -73,7 +76,7 @@ __BEGIN_DECLS
-
- struct control_value {
- char name[FILENAME_MAX];
-- char value[CG_VALUE_MAX];
-+ char value[CG_CONTROL_VALUE_MAX];
- bool dirty;
- };
-
-diff --git a/src/tools/cgset.c b/src/tools/cgset.c
-index ea9f90d..3d3c8cc 100644
---- a/src/tools/cgset.c
-+++ b/src/tools/cgset.c
-@@ -151,8 +151,8 @@ int main(int argc, char *argv[])
- goto err;
- }
-
-- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX);
-- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0';
-+ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX);
-+ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0';
-
- nv_number++;
- break;
-diff --git a/src/wrapper.c b/src/wrapper.c
-index c03472a..0952823 100644
---- a/src/wrapper.c
-+++ b/src/wrapper.c
-@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
- if (!controller)
- return ECGINVAL;
-
-- if (controller->index >= CG_VALUE_MAX)
-+ if (controller->index >= CG_NV_MAX)
- return ECGMAXVALUESEXCEEDED;
-
-- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) {
-+ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) {
- if (!strcmp(controller->values[i]->name, name))
- return ECGVALUEEXISTS;
- }
-@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller,
- if (!cntl_value)
- return ECGCONTROLLERCREATEFAILED;
-
-- strncpy(cntl_value->name, name, sizeof(cntl_value->name));
-- strncpy(cntl_value->value, value, sizeof(cntl_value->value));
-+ if (strlen(value) >= sizeof(cntl_value->value)) {
-+ fprintf(stderr, "value exceeds the maximum of %d characters\n",
-+ sizeof(cntl_value->value));
-+ free(cntl_value);
-+ return ECGCONFIGPARSEFAIL;
-+ }
-+
-+ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1);
-+ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1);
- cntl_value->dirty = true;
- controller->values[controller->index] = cntl_value;
- controller->index++;
-@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller,
- for (i = 0; i < controller->index; i++) {
- struct control_value *val = controller->values[i];
- if (!strcmp(val->name, name)) {
-- strncpy(val->value, value, CG_VALUE_MAX);
-+ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1);
- val->dirty = true;
- return 0;
- }
---
-2.17.0
-
+++ /dev/null
-From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Tue, 17 Apr 2018 13:32:28 +0200
-Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Nikola Forró <nforro@redhat.com>
----
- src/api.c | 12 ++++++++----
- 1 file changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index 4d98081..51081b4 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
- if (!tasks) {
- switch (errno) {
- case EPERM:
-- return ECGROUPNOTOWNER;
-+ ret = ECGROUPNOTOWNER;
-+ break;
- case ENOENT:
-- return ECGROUPNOTEXIST;
-+ ret = ECGROUPNOTEXIST;
-+ break;
- default:
-- return ECGROUPNOTALLOWED;
-+ ret = ECGROUPNOTALLOWED;
- }
-+ goto err;
- }
- ret = fprintf(tasks, "%d", tid);
- if (ret < 0) {
-@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid)
- err:
- cgroup_warn("Warning: cannot write tid %d to %s:%s\n",
- tid, path, strerror(errno));
-- fclose(tasks);
-+ if (tasks)
-+ fclose(tasks);
- return ret;
- }
-
---
-2.17.0
-
Summary: Tools and library to control and monitor control groups
Summary(pl.UTF-8): Narzędzia i biblioteka do kontrolowania i monitorowania grup kontroli
Name: libcgroup
-Version: 0.41
-Release: 5
+Version: 0.42.2
+Release: 1
License: LGPL v2+
Group: Applications/System
-Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2
-# Source0-md5: 3dea9d50b8a5b73ff0bf1cdcb210f63f
+#Source0Download: https://github.com/libcgroup/libcgroup/releases
+Source0: https://github.com/libcgroup/libcgroup/releases/download/v%{version}/%{name}-%{version}.tar.bz2
+# Source0-md5: 8311f5ea60c99756533fea40ee2e8a85
Source1: cgconfig.init
Source2: cgred.init
Source3: cgconfig.service
Patch4: %{name}-0.40.rc1-coverity.patch
Patch5: %{name}-0.40.rc1-fread.patch
Patch6: %{name}-0.40.rc1-templates-fix.patch
-Patch7: %{name}-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch
-Patch8: %{name}-0.41-api.c-preserve-dirty-flag.patch
-Patch9: %{name}-0.41-api.c-support-for-setting-multiline-values-in-contro.patch
-Patch10: %{name}-0.41-change-cgroup-of-threads.patch
-Patch11: %{name}-0.41-CVE-2018-14348.patch
-Patch12: %{name}-0.41-fix-infinite-loop.patch
-Patch13: %{name}-0.41-fix-log-level.patch
-Patch14: %{name}-0.41-lex.patch
-Patch15: %{name}-0.41-prevent-buffer-overflow.patch
-Patch16: %{name}-0.41-size-of-controller-values.patch
-Patch17: %{name}-0.41-tasks-file-warning.patch
+Patch7: %{name}-0.41-change-cgroup-of-threads.patch
URL: http://libcg.sourceforge.net/
-BuildRequires: autoconf >= 2.61
+BuildRequires: autoconf >= 2.69
BuildRequires: automake
BuildRequires: bison
BuildRequires: flex
BuildRequires: libstdc++-devel
-BuildRequires: libtool
+BuildRequires: libtool >= 2:2
BuildRequires: pam-devel
BuildRequires: python-devel >= 2
BuildRequires: rpmbuild(macros) >= 1.626
%patch5 -p1
%patch6 -p1
%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p2
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
%build
%{__libtoolize}
%{__automake}
%configure \
--disable-silent-rules \
+ --disable-static \
--enable-bindings \
--enable-initscript-install \
--enable-opaque-hierarchy="name=systemd" \
cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/sysconfig/cgred
cp -a samples/cg{config,rules,snapshot_blacklist}.conf $RPM_BUILD_ROOT%{_sysconfdir}
-mv $RPM_BUILD_ROOT%{_libdir}/libcgroup.so.* $RPM_BUILD_ROOT/%{_lib}
+%{__mv} $RPM_BUILD_ROOT%{_libdir}/libcgroup.so.* $RPM_BUILD_ROOT/%{_lib}
ln -snf ../../%{_lib}/$(basename $RPM_BUILD_ROOT/%{_lib}/libcgroup.so.*.*.*) $RPM_BUILD_ROOT%{_libdir}/libcgroup.so
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libcgroupfortesting.*
+
install -d $RPM_BUILD_ROOT%{py_sitedir}
%{__mv} $RPM_BUILD_ROOT%{_libdir}/_libcgroup.so $RPM_BUILD_ROOT%{py_sitedir}
%{__rm} $RPM_BUILD_ROOT/%{_lib}/security/pam_cgroup.la
projects / packages / libcgroup.git / commitdiff