1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
diff -ur libcgroup-0.37/doc/man/cgconfig.conf.5 libcgroup-0.37-mode/doc/man/cgconfig.conf.5
--- libcgroup-0.37/doc/man/cgconfig.conf.5 2010-12-07 16:42:41.000000000 +0100
+++ libcgroup-0.37-mode/doc/man/cgconfig.conf.5 2011-02-09 19:11:47.076601002 +0100
@@ -111,12 +111,15 @@
.ft B
uid = <task user>;
gid = <task group>;
+mode = <task mode>;
.RE
}
admin {
.RS
uid = <admin name>;
gid = <admin group>;
+dmode = <admin directory mode>;
+fmode = <admin files mode>;
.RE
}
.RE
@@ -133,10 +136,19 @@
file of the control group. I.e. this user and members of this
group has write access to the file.
.TP 17
+.B "task mode"
+Permission mode of \fItasks\fR file of the control group.
+The mode have to be set using octal numbers e.g. 640.
+.TP 17
.B "admin user/group"
Name of the user and the group, which owns the rest of control group's
files. These users are allowed to set subsystem
parameters and create subgroups.
+.TP 17
+.B "admin dmode/fmode"
+Permission mode of control group's directory (\fIdmode\fR) and files
+(\fIfmode\fR). The mode have to be set using octal numbers e.g. 775
+for \fIdmode\fR and 664 for \fIfmode\fR.
.LP
Permissions are related only to enclosing control group and are not
inherited by subgroups. If there is no
diff -ur libcgroup-0.37/src/api.c libcgroup-0.37-mode/src/api.c
--- libcgroup-0.37/src/api.c 2010-12-07 16:42:41.000000000 +0100
+++ libcgroup-0.37-mode/src/api.c 2011-02-09 18:57:25.455591513 +0100
@@ -1409,6 +1409,10 @@
cgroup_dbg("Changing ownership of %s\n", fts_path[0]);
error = cg_chown_recursive(fts_path,
cgroup->control_uid, cgroup->control_gid);
+ if (!error)
+ error = cg_chmod_recursive(cgroup,
+ cgroup->control_dmode, cgroup->control_dmode,
+ cgroup->control_fmode, cgroup->control_fmode);
}
if (error)
@@ -1458,6 +1462,13 @@
if (error) {
last_errno = errno;
error = ECGOTHER;
+ goto err;
+ }
+ if (cgroup->tasks_mode != 0)
+ error = chmod(path, cgroup->tasks_mode);
+ if (error) {
+ last_errno = errno;
+ error = ECGOTHER;
goto err;
}
}
diff -ur libcgroup-0.37/src/config.c libcgroup-0.37-mode/src/config.c
--- libcgroup-0.37/src/config.c 2010-12-07 16:42:41.000000000 +0100
+++ libcgroup-0.37-mode/src/config.c 2011-02-09 18:59:15.330591502 +0100
@@ -226,6 +226,29 @@
}
config_cgroup->tasks_gid = val;
}
+ if (!strcmp(perm_type, "mode")) {
+ /* allowed mode strings are octal version: "755" */
+ mode_t mode = 0;
+ int pos = 0; /* position of the number iin string */
+ int i;
+ int j = 64;
+
+ while (pos < 3) {
+ if (value[pos] < '0' || value[pos] >= '8')
+ goto group_task_error;
+ i = (int)value[pos] - (int)'0';
+ /* parse the permission triple*/
+ mode = mode + i*j;
+ j = j / 8;
+ pos++;
+ }
+
+ /* the string have to contain three characters */
+ if (value[pos] != '\0')
+ goto group_task_error;
+
+ config_cgroup->tasks_mode = mode;
+ }
free(perm_type);
free(value);
@@ -292,6 +315,52 @@
}
config_cgroup->control_gid = val;
}
+ if (!strcmp(perm_type, "dmode")) {
+ /* allowed mode strings are octal version: "755" */
+ mode_t mode = 0;
+ int pos = 0; /* position of the number iin string */
+ int i;
+ int j = 64;
+
+ while (pos < 3) {
+ if (value[pos] < '0' || value[pos] >= '8')
+ goto admin_error;
+ i = (int)value[pos] - (int)'0';
+ /* parse the permission triple*/
+ mode = mode + i*j;
+ j = j / 8;
+ pos++;
+ }
+
+ /* the string have to contain three characters */
+ if (value[pos] != '\0')
+ goto admin_error;
+
+ config_cgroup->control_dmode = mode;
+ }
+ if (!strcmp(perm_type, "fmode")) {
+ /* allowed mode strings are octal version: "755" */
+ mode_t mode = 0;
+ int pos = 0; /* position of the number iin string */
+ int i;
+ int j = 64;
+
+ while (pos < 3) {
+ if (value[pos] < '0' || value[pos] >= '8')
+ goto admin_error;
+ i = (int)value[pos] - (int)'0';
+ /* parse the permission triple*/
+ mode = mode + i*j;
+ j = j / 8;
+ pos++;
+ }
+
+ /* the string have to contain three characters */
+ if (value[pos] != '\0')
+ goto admin_error;
+
+ config_cgroup->control_fmode = mode;
+ }
free(perm_type);
free(value);
diff -ur libcgroup-0.37/src/libcgroup-internal.h libcgroup-0.37-mode/src/libcgroup-internal.h
--- libcgroup-0.37/src/libcgroup-internal.h 2010-10-20 15:59:13.000000000 +0200
+++ libcgroup-0.37-mode/src/libcgroup-internal.h 2011-02-09 19:14:13.803601030 +0100
@@ -84,8 +84,11 @@
int index;
uid_t tasks_uid;
gid_t tasks_gid;
+ mode_t tasks_mode;
uid_t control_uid;
gid_t control_gid;
+ mode_t control_dmode;
+ mode_t control_fmode;
};
|
