diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-06-12 05:02:45 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-06-12 20:58:07 +0200 |
commit | 2c20c6847e0caa3b62f6e5a0506790393c141932 (patch) | |
tree | 5cbe54a04fa072a3719d68f109ebbff54fc87037 /source/a/libcgroup | |
parent | 548843b225f281a8d0583e3bf1ee77ac57d648a3 (diff) | |
download | current-2c20c6847e0caa3b62f6e5a0506790393c141932.tar.gz current-2c20c6847e0caa3b62f6e5a0506790393c141932.tar.xz |
Tue Jun 12 05:02:45 UTC 201820180612050245
a/kernel-firmware-20180606_d114732-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.49-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.49-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.49-x86_64-1.txz: Upgraded.
a/libcgroup-0.41-x86_64-4.txz: Rebuilt.
Apply all post 0.41 patches from git, including one for an infinite loop
bug that causes 100% CPU usage on one core. Thanks to chris.willing.
a/pkgtools-15.0-noarch-17.txz: Rebuilt.
installpkg: Use terse mode if TERSE=0 is set in the environment (this already
works for removepkg and upgradepkg). This allows using terse mode in other
tools that use the pkgtools (such as slackpkg with: TERSE=0 slackpkg).
Thanks to Xsane.
ap/hplip-3.18.6-x86_64-1.txz: Upgraded.
d/kernel-headers-4.14.49-x86-1.txz: Upgraded.
k/kernel-source-4.14.49-noarch-1.txz: Upgraded.
GPIO_AMDPT n -> m (thanks to walecha)
NFSD_V3_ACL n -> y (thanks to Jonathan Woithe)
NFS_V3_ACL n -> y (thanks to Jonathan Woithe)
NFS_V4_2 n -> y
+NFSD_V2_ACL y
+NFS_ACL_SUPPORT y
+NFS_V4_SECURITY_LABEL y
l/LibRaw-0.18.12-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues, including:
parse_qt: possible integer overflow
reject broken/crafted NOKIARAW files
recover read position if TIFF/EXIF tag is too long
possible infinite loop in parse_minolta()
possible stack overrun in X3F parser
out of bounds read in X3F parser
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529
(* Security fix *)
l/dconf-0.26.1-x86_64-3.txz: Rebuilt.
Eliminate install script noise.
l/dconf-editor-3.26.2-x86_64-3.txz: Rebuilt.
Eliminate install script noise.
n/iproute2-4.17.0-x86_64-1.txz: Upgraded.
x/wqy-zenhei-font-ttf-0.8.38_1-noarch-7.txz: Rebuilt.
Try to avoid overriding other font choices unless lang = zh-cn or zh-sg.
x/xkbcomp-1.4.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/a/libcgroup')
-rwxr-xr-x | source/a/libcgroup/libcgroup.SlackBuild | 7 | ||||
-rw-r--r-- | source/a/libcgroup/libcgroup.loop.diff | 1595 |
2 files changed, 1601 insertions, 1 deletions
diff --git a/source/a/libcgroup/libcgroup.SlackBuild b/source/a/libcgroup/libcgroup.SlackBuild index d059f378f..6a5185a75 100755 --- a/source/a/libcgroup/libcgroup.SlackBuild +++ b/source/a/libcgroup/libcgroup.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=libcgroup VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-4} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -77,6 +77,9 @@ zcat $CWD/libcgroup.init.diff.gz | patch -p1 --verbose || exit 1 # Slackware does not use /etc/sysconfig: zcat $CWD/libcgroup.conf.diff.gz | patch -p1 --verbose || exit 1 +# Apply combined patches from git, including for an infinate loop bug: +zcat $CWD/libcgroup.loop.diff.gz | patch -p1 --verbose || exit 1 + chown -R root:root . find . \ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -84,6 +87,8 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; +autoreconf -vif + # Configure: CFLAGS="$SLKCFLAGS" \ ./configure \ diff --git a/source/a/libcgroup/libcgroup.loop.diff b/source/a/libcgroup/libcgroup.loop.diff new file mode 100644 index 000000000..3d6ac83f5 --- /dev/null +++ b/source/a/libcgroup/libcgroup.loop.diff @@ -0,0 +1,1595 @@ +diff --git a/doc/man/cgclassify.1 b/doc/man/cgclassify.1 +index db4e086..1facd2b 100644 +--- a/doc/man/cgclassify.1 ++++ b/doc/man/cgclassify.1 +@@ -57,7 +57,25 @@ controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + .TP + .B /etc/cgrules.conf + default libcgroup configuration file ++.TP ++.B /etc/cgrules.d ++default libcgroup configuration files directory ++ ++.SH EXAMPLES ++.TP ++.B cgclassify -g cpu:student 1234 ++moves process with pid number 1234 to control group student in cpu hierarchy. + ++.TP ++.B cgclassify 1234 ++moves process with pid number 1234 to control groups based on ++\fB/etc/cgrules.conf\fR configuration file. ++ ++.TP ++.B cgclassify --sticky -g cpu:/student 1234 ++moves process with pid number 1234 to control group student in cpu hierarchy. ++The daemon of service cgred does not change cgroups of pid 1234 and its children ++(based on \fB/etc/cgrules.conf\fR). + + .SH SEE ALSO + cgrules.conf (5), cgexec (1) +diff --git a/doc/man/cgclear.1 b/doc/man/cgclear.1 +index 318c925..241a095 100644 +--- a/doc/man/cgclear.1 ++++ b/doc/man/cgclear.1 +@@ -43,5 +43,24 @@ option works only with \fB-l\fR or \fB-L\fR options. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + ++.SH FILES ++.TP ++.B /etc/cgconfig.conf ++default templates file ++.TP ++.B /etc/cgconfig.d/ ++default templates files directory ++.RE ++ ++ ++.SH EXAMPLES ++.TP ++.B cgclear ++unload the whole cgroup filesystem ++ ++.TP ++.B cgclear -l /etc/cgconfig.conf ++unload a subsystem of cgroup filesystem based on \fB/etc/cgconfig.conf\fR definition. ++ + .SH SEE ALSO +-cgconfigparser(1) ++cgconfigparser(1), cgconfig.conf(5) +diff --git a/doc/man/cgconfig.conf.5 b/doc/man/cgconfig.conf.5 +index be80e4e..f3a4ba9 100644 +--- a/doc/man/cgconfig.conf.5 ++++ b/doc/man/cgconfig.conf.5 +@@ -251,6 +251,9 @@ Templates does not use + .B default + section settings. + ++.I /etc/cgconfig.d/ ++directory can be used for additional configuration files. cgrulesengd searches this directory for additional templates. ++ + .\"********************************************" + .SH EXAMPLES + .LP +@@ -781,13 +784,12 @@ better to explicitly specify all groups and all controllers + related to them. + + .SH FILES +-.LP +-.PD .1v +-.TP 20 +-.B /etc/cgconfig.conf + .TP ++.B /etc/cgconfig.conf + default libcgroup configuration file +-.PD ++.TP ++.B /etc/cgconfig.d/ ++default libcgroup configuration files directory + + .SH SEE ALSO + cgconfigparser (8) +diff --git a/doc/man/cgconfigparser.8 b/doc/man/cgconfigparser.8 +index 0a20f95..8fff95f 100644 +--- a/doc/man/cgconfigparser.8 ++++ b/doc/man/cgconfigparser.8 +@@ -74,5 +74,19 @@ of this group have write access to the file. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + ++.SH FILES ++.TP ++.B /etc/cgconfig.conf ++default libcgroup configuration file ++.TP ++.B /etc/cgconfig.d/ ++default libcgroup configuration files directory ++ ++.SH EXAMPLES ++.TP ++.B cgconfigparser -l /etc/cgconfig.conf ++setup control group file system based on \fB/etc/cgconfig.conf\fR configuration file ++ ++ + .SH SEE ALSO + cgconfig.conf (5) +diff --git a/doc/man/cgcreate.1 b/doc/man/cgcreate.1 +index 7068073..6ec1b27 100644 +--- a/doc/man/cgcreate.1 ++++ b/doc/man/cgcreate.1 +@@ -38,7 +38,8 @@ others permissions to the owners permissions). + .TP + .B -g <controllers>:<path> + defines control groups to be added. +-\fBcontrollers\fR is a list of controllers and ++\fBcontrollers\fR is a list of controllers. Character "*" can be used ++as a shortcut for "all mounted controllers". + \fBpath\fR is the relative path to control groups + in the given controllers list. This option can be specified + multiple times. +@@ -69,9 +70,16 @@ The default value is the same as has the parent cgroup. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + +-.SH FILES ++.SH EXAMPLES ++.TP ++.B cgcreate -g *:student devices:teacher ++create control group student in all mounted hierarchies and create ++control group teacher in hierarchy containing controller devices. ++ ++ ++ + + .SH SEE ALSO + cgrules.conf (5) + cgexec (1) +-cgclassify (1) ++cgclassify (1) +\ No newline at end of file +diff --git a/doc/man/cgdelete.1 b/doc/man/cgdelete.1 +index 025a799..9572287 100644 +--- a/doc/man/cgdelete.1 ++++ b/doc/man/cgdelete.1 +@@ -16,7 +16,7 @@ program removes all specified control groups. + + .TP + .B [-g] <controllers>:<path> +-Defines the control group to delete. Multiple control groups nay be ++Defines the control group to delete. Multiple control groups may be + specified. + .B -g + is optional. +@@ -35,5 +35,11 @@ Recursively remove all subgroups. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + ++.SH EXAMPLES ++.TP ++.B cgdelete -g cpu,devices:/test ++remove control group test from hierarchies containing cpu and device controllers ++ ++ + .SH SEE ALSO + cgcreate (1), lscgroup (1), cgclear (1) +diff --git a/doc/man/cgred.conf.5 b/doc/man/cgred.conf.5 +index 3fe760f..1c0922f 100644 +--- a/doc/man/cgred.conf.5 ++++ b/doc/man/cgred.conf.5 +@@ -42,7 +42,7 @@ default libcgroup configuration file + + .SH SEE ALSO + cgrules.conf (5), +-cgconfig.conf (5) ++cgconfig.conf (5), cgrules.d (5) + + + +diff --git a/doc/man/cgrules.conf.5 b/doc/man/cgrules.conf.5 +index 7a89fb5..2d434e7 100644 +--- a/doc/man/cgrules.conf.5 ++++ b/doc/man/cgrules.conf.5 +@@ -85,7 +85,7 @@ configuration file. See (\fBcgconfig.conf\fR (5)). + If the template definition is not found there created group have default + kernel setting. + +- ++To create a hierarchy of configuration files, use \fB/etc/cgrules.d\fR directory. + + .SH EXAMPLES + .nf +@@ -136,13 +136,19 @@ process. + .PD .1v + .TP 20 + .B /etc/cgrules.conf +-.TP ++.RS 6 + default libcgroup configuration file +-.PD . ++.RE ++.TP 20 ++.B /etc/cgrules.d ++.RS 6 ++default libcgroup configuration files directory ++.RE ++.PD + + + .SH SEE ALSO +-cgconfig.conf (5), cgclassify (1), cgred.conf (5) ++cgconfig.conf (5), cgclassify (1), cgred.conf (5), cgrules.d (5) + + .SH BUGS + +diff --git a/doc/man/cgrules.d.5 b/doc/man/cgrules.d.5 +new file mode 100644 +index 0000000..37717de +--- /dev/null ++++ b/doc/man/cgrules.d.5 +@@ -0,0 +1,50 @@ ++.\" Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. ++.\" Written by Jan Chaloupka <jchaloup@redhat.com> ++ ++.TH CGRULES.D 5 2014-07-14 "Linux" "libcgroup Manual" ++.SH NAME ++cgrules.d \- libcgroup configuration files directory ++.SH DESCRIPTION ++.B "cgrules.d" ++configuration files directory is used by ++.B libcgroups ++and contains additional configuration files with the same syntax as ++\fBcgconfig.conf\fR (5). ++ ++Files are parsed in an arbitrary order. ++If the cache is disabled, the searching algorithm of \fBcgrulesengd\fR (8) ++tries the first match. ++If there are two rules which match the criteria for a given process, ++and each rule is in a separate file, then there is no guarantee which one ++is chosen. If you want to control the given order of the rules, put them ++in one configuration file. ++ ++ ++\fB/etc/cgconfig.conf\fR is parsed as the first file. After success, ++all files from /etc/cgconfig.d are parsed as well (in an arbitrary order). ++If some file from the directory ends up with a parsing error, ++the process is stopped. With cache enabled, all successfully processed ++rules ++are kept in the cache. With cache disabled, ++matching is stopped and ends with a 'not found' result. ++ ++If \fB/etc/cgrules.d\fR is empty, \fBcgrulesengd\fR (8) acts ++in a backwards compatibility mode. ++ ++.SH FILES ++.LP ++.PD .1v ++.TP 20 ++.B /etc/cgrules.d ++.RS 4 ++default libcgroup configuration files directory ++.RE ++.B /etc/cgconfig.conf ++.RS 4 ++default libcgroup configuration file ++.RE ++.PD . ++ ++ ++.SH SEE ALSO ++cgconfig.conf (5), cgrulesengd (8) +diff --git a/doc/man/cgrulesengd.8 b/doc/man/cgrulesengd.8 +index 2e89c5b..cf45611 100644 +--- a/doc/man/cgrulesengd.8 ++++ b/doc/man/cgrulesengd.8 +@@ -10,10 +10,11 @@ cgrulesengd \- control group rules daemon + .SH DESCRIPTION + \fBcgrulesengd\fR is a daemon, which distributes processes to control groups. When + any process changes its effective UID or GID, \fBcgrulesengd\fR inspects the list +-of rules loaded from the \fIcgrules.conf\fR file and moves the process to +-the appropriate control group. ++of rules loaded from the \fIcgrules.conf\fR file and files in \fIcgrules.d\fR ++(see \fBcgrules.d\fR (5) for potential conflicts) directory ++and moves the process to the appropriate control group. + +-The list of rules is read during the daemon startup is are cached in the daemon's memory. ++The list of rules is read during the daemon startup and cached in the daemon's memory. + The daemon reloads the list of rules when it receives SIGUSR2 signal. + The daemon reloads the list of templates when it receives SIGUSR1 signal. + +@@ -63,12 +64,21 @@ controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + + .SH FILES +-.LP +-.PD .1v +-.TP 20 ++.TP + .B /etc/cgrules.conf ++default libcgroup configuration file ++ ++.TP ++.B /etc/cgrules.d ++default libcgroup configuration files directory ++ ++.TP ++.B /etc/cgconfig.conf ++default templates file ++ + .TP +-the default libcgroup configuration file ++.B /etc/cgconfig.d ++default templates directory + + .SH SEE ALSO +-cgrules.conf (5) ++cgrules.conf (5), cgrules.d (5) +diff --git a/doc/man/cgset.1 b/doc/man/cgset.1 +index be886c6..b05473f 100644 +--- a/doc/man/cgset.1 ++++ b/doc/man/cgset.1 +@@ -36,5 +36,16 @@ copied to the input cgroup. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + ++.SH EXAMPLES ++.TP ++.B cgset -r cpuset.cpus=0-1 student ++set variable cpus in control group student (controller cpuset) to 0-1 ++ ++.TP ++.B cgset --copy-from group1/ group2/ ++copy all parameters of group group1 to group group2 ++(for all path where both cgroups are defined) ++ ++ + .SH SEE ALSO + cgrules.conf (1), cgcreate (1), cgget (1) +diff --git a/doc/man/cgsnapshot.1 b/doc/man/cgsnapshot.1 +index 03c85f6..48a038e 100644 +--- a/doc/man/cgsnapshot.1 ++++ b/doc/man/cgsnapshot.1 +@@ -8,7 +8,7 @@ cgsnapshot \- generate the configuration file for given controllers + + .SH SYNOPSIS + \fBcgsnapshot\fR [\fB-h\fR] [\fB-s\fR] [\fB-t\fR] [\fB-b\fR \fIfile\fR] +-[\fB-w\fR \fIfile\fR] [\fB-f\fR \fIoutput_file\fR] [\fBcontroller\fR] [...] ++[\fB-w\fR \fIfile\fR] [\fB-f\fR \fIoutput_file\fR] [\fBcontroller\fR] [...] + + .SH DESCRIPTION + \fBcgsnapshot\fR +@@ -96,5 +96,18 @@ default whitelist + .B /etc/cgconfig.conf + default libcgroup configuration file + ++.SH EXAMPLES ++.TP ++.B cgsnapshot -s -f /etc/cgconfig.conf.cgsnapshot ++create configuration file which contains all mounted controllers and all ++control groups which are on the actual system ++ ++.TP ++.B cgsnapshot -s -f /etc/cgconfig.conf.cgsnapshot cpu ++create configuration file which contains hierarchy containing cpu controller and all its ++control groups on the actual system ++ ++ ++ + .SH SEE ALSO + cgconfig.conf (5) +diff --git a/doc/man/lscgroup.1 b/doc/man/lscgroup.1 +index 693fbbc..124379e 100644 +--- a/doc/man/lscgroup.1 ++++ b/doc/man/lscgroup.1 +@@ -26,6 +26,21 @@ list all existing cgroups. + controls verbosity of the tool. Allowed values are \fBDEBUG\fR, + \fBINFO\fR, \fBWARNING\fR or \fBERROR\fR. + ++.SH EXAMPLES ++.TP ++.B lscgroup -g cpu:/ ++list all cgroups which are in hierarchy containing cpu controller ++ ++.TP ++.B lscgroup -g cpu:/student ++list all cgroups which are in hierarchy containing cpu controller ++in subgroup student ++ ++.TP ++.B lscgroup ++list all cgroups which in all hierarchies ++ ++ + .SH SEE ALSO + lssubsys (1), cgcreate (1), cgdelete (1), + cgconfig.conf (5) +diff --git a/include/libcgroup/config.h b/include/libcgroup/config.h +index 43568e1..9aaa390 100644 +--- a/include/libcgroup/config.h ++++ b/include/libcgroup/config.h +@@ -83,12 +83,33 @@ int cgroup_init_templates_cache(char *pathname); + */ + int cgroup_reload_cached_templates(char *pathname); + ++/** ++ * Load the templates cache from files. Before calling this function, ++ * cgroup_templates_cache_set_source_files has to be called first. ++ * @param file_index index of file which was unable to be parsed ++ * @return 0 on success, > 0 on error ++ */ ++int cgroup_load_templates_cache_from_files(int *file_index); ++ ++/** ++ * Setting source files of templates. This function has to be called before ++ * any call of cgroup_load_templates_cache_from_files. ++ * @param tmpl_files ++ */ ++struct cgroup_string_list; ++void cgroup_templates_cache_set_source_files( ++ struct cgroup_string_list *tmpl_files); ++ + /** + * Physically create a new control group in kernel, based on given control + * group template and configuration file. If given template is not set in + * configuration file, then the procedure works create the control group + * using cgroup_create_cgroup() function + * ++ * Templates are loaded using cgroup_load_templates_cache_from_files ++ * function, which must be preceded by cgroup_templates_cache_set_source_files ++ * call. ++ * + * The flags can alter the behavior of this function: + * CGFLAG_USE_TEMPLATE_CACHE: Use cached templates instead of + * parsing the config file +diff --git a/include/libcgroup/groups.h b/include/libcgroup/groups.h +index d5c87aa..201558f 100644 +--- a/include/libcgroup/groups.h ++++ b/include/libcgroup/groups.h +@@ -149,6 +149,16 @@ struct cgroup *cgroup_new_cgroup(const char *name); + struct cgroup_controller *cgroup_add_controller(struct cgroup *cgroup, + const char *name); + ++/** ++ * Attach all mounted controllers to given cgroup. This function just modifies ++ * internal libcgroup structure, not the kernel control group. ++ * ++ * @param cgroup ++ * @return zero or error number ++ */ ++int cgroup_add_all_controllers(struct cgroup *cgroup); ++ ++ + /** + * Return appropriate controller from given group. + * The controller must be added before using cgroup_add_controller() or loaded +diff --git a/src/api.c b/src/api.c +index bfd0177..0bf0615 100644 +--- a/src/api.c ++++ b/src/api.c +@@ -473,17 +473,19 @@ static char *cg_skip_unused_charactors_in_rule(char *rule) + * The cache parameter alters the behavior of this function. If true, this + * function will read the entire configuration file and store the results in + * rl (global rules list). If false, this function will only parse until it +- * finds a rule matching the given UID or GID. It will store this rule in rl, ++ * finds a rule matching the given UID or GID. It will store this rule in trl, + * as well as any children rules (rules that begin with a %) that it has. + * + * This function is NOT thread safe! ++ * @param filename configuration file to parse + * @param cache True to cache rules, else false + * @param muid If cache is false, the UID to match against + * @param mgid If cache is false, the GID to match against + * @return 0 on success, -1 if no cache and match found, > 0 on error. + * TODO: Make this function thread safe! ++ * + */ +-static int cgroup_parse_rules(bool cache, uid_t muid, ++static int cgroup_parse_rules_file(char *filename, bool cache, uid_t muid, + gid_t mgid, const char *mprocname) + { + /* File descriptor for the configuration file */ +@@ -544,21 +546,19 @@ static int cgroup_parse_rules(bool cache, uid_t muid, + else + lst = &trl; + +- /* If our list already exists, clean it. */ +- if (lst->head) +- cgroup_free_rule_list(lst); +- + /* Open the configuration file. */ +- pthread_rwlock_wrlock(&rl_lock); +- fp = fopen(CGRULES_CONF_FILE, "re"); ++ fp = fopen(filename, "re"); + if (!fp) { + cgroup_warn("Warning: failed to open configuration file %s: %s\n", +- CGRULES_CONF_FILE, strerror(errno)); +- goto unlock; ++ filename, strerror(errno)); ++ ++ ret = ECGRULESPARSEFAIL; /* originally ret = 0, but */ ++ /* this is parse fail, not success */ ++ goto finish; + } + + /* Now, parse the configuration file one line at a time. */ +- cgroup_dbg("Parsing configuration file.\n"); ++ cgroup_dbg("Parsing configuration file %s.\n", filename); + while (fgets(buff, sizeof(buff), fp) != NULL) { + linenum++; + +@@ -804,8 +804,143 @@ parsefail: + + close: + fclose(fp); +-unlock: ++finish: ++ return ret; ++} ++ ++/** ++ * Parse CGRULES_CONF_FILE and all files in CGRULES_CONF_FILE_DIR. ++ * If CGRULES_CONF_FILE_DIR does not exists or can not be read, ++ * parse only CGRULES_CONF_FILE. This way we keep the back compatibility. ++ * ++ * Original description of this function moved to cgroup_parse_rules_file. ++ * Also cloned and all occurences of file changed to files. ++ * ++ * Parse the configuration files that maps UID/GIDs to cgroups. If ever the ++ * configuration files are modified, applications should call this function to ++ * load the new configuration rules. The function caller is responsible for ++ * calling free() on each rule in the list. ++ * ++ * The cache parameter alters the behavior of this function. If true, this ++ * function will read the entire content of all configuration files and store ++ * the results in rl (global rules list). If false, this function will only ++ * parse until it finds a file and a rule matching the given UID or GID. ++ * The remaining files are skipped. It will store this rule in trl, ++ * as well as any children rules (rules that begin with a %) that it has. ++ * ++ * Files can be read in an random order so the first match must not be ++ * dependent on it. Thus construct the rules the way not to break ++ * this assumption. ++ * ++ * This function is NOT thread safe! ++ * @param cache True to cache rules, else false ++ * @param muid If cache is false, the UID to match against ++ * @param mgid If cache is false, the GID to match against ++ * @return 0 on success, -1 if no cache and match found, > 0 on error. ++ * TODO: Make this function thread safe! ++ */ ++static int cgroup_parse_rules(bool cache, uid_t muid, ++ gid_t mgid, const char *mprocname) ++{ ++ int ret; ++ ++ /* Pointer to the list that we're using */ ++ struct cgroup_rule_list *lst = NULL; ++ ++ /* Directory variables */ ++ DIR *d; ++ struct dirent *item; ++ const char *dirname = CGRULES_CONF_DIR; ++ char *tmp; ++ int sret; ++ ++ /* Determine which list we're using. */ ++ if (cache) ++ lst = &rl; ++ else ++ lst = &trl; ++ ++ /* If our list already exists, clean it. */ ++ if (lst->head) ++ cgroup_free_rule_list(lst); ++ ++ pthread_rwlock_wrlock(&rl_lock); ++ ++ /* Parse CGRULES_CONF_FILE configuration file (back compatibility). */ ++ ret = cgroup_parse_rules_file(CGRULES_CONF_FILE, ++ cache, muid, mgid, mprocname); ++ ++ /* ++ * if match (ret = -1), stop parsing other files, just return ++ * or ret > 0 => error ++ */ ++ if (ret != 0) { ++ pthread_rwlock_unlock(&rl_lock); ++ return ret; ++ } ++ ++ /* Continue parsing */ ++ d = opendir(dirname); ++ if (!d) { ++ cgroup_warn("Warning: Failed to open directory %s: %s\n", ++ dirname, strerror(errno)); ++ ++ /* ++ * Cannot read directory. However, CGRULES_CONF_FILE is ++ * succesfully parsed. Thus return as a success ++ * for back compatibility. ++ */ ++ pthread_rwlock_unlock(&rl_lock); ++ ++ return 0; ++ } ++ ++ /* read all files from CGRULES_CONF_FILE_DIR */ ++ do { ++ item = readdir(d); ++ if (item && (item->d_type == DT_REG ++ || item->d_type == DT_LNK)) { ++ ++ sret = asprintf(&tmp, "%s/%s", dirname, item->d_name); ++ if (sret < 0) { ++ cgroup_err("Out of memory\n"); ++ ++ /* ++ * Cannot read directory. However, CGRULES_CONF_FILE is ++ * succesfully parsed. Thus return as a success ++ * for back compatibility. ++ */ ++ ret = 0; ++ goto unlock_list; ++ } ++ ++ cgroup_dbg("Parsing cgrules file: %s\n", tmp); ++ ret = cgroup_parse_rules_file(tmp, ++ cache, muid, mgid, mprocname); ++ ++ free(tmp); ++ ++ /* match with cache disabled? */ ++ if (ret != 0) ++ goto unlock_list; ++ } ++ if (!item && errno) { ++ cgroup_warn("Warning: cannot read %s: %s\n", ++ dirname, strerror(errno)); ++ /* ++ * Cannot read an item. But continue for ++ * back compatibility as a success. ++ */ ++ ret = 0; ++ goto unlock_list; ++ } ++ } while (item != NULL); ++ ++unlock_list: ++ closedir(d); ++ + pthread_rwlock_unlock(&rl_lock); ++ + return ret; + } + +@@ -1360,13 +1495,18 @@ static int cg_create_control_group(const char *path) + */ + static int cg_set_control_value(char *path, const char *val) + { +- FILE *control_file = NULL; ++ int ctl_file; ++ char *str_val; ++ char *str_val_start; ++ char *pos; ++ size_t len; ++ + if (!cg_test_mounted_fs()) + return ECGROUPNOTMOUNTED; + +- control_file = fopen(path, "r+e"); ++ ctl_file = open(path, O_RDWR | O_CLOEXEC); + +- if (!control_file) { ++ if (ctl_file == -1) { + if (errno == EPERM) { + /* + * We need to set the correct error value, does the +@@ -1377,6 +1517,7 @@ static int cg_set_control_value(char *path, const char *val) + */ + char *path_dir_end; + char *tasks_path; ++ FILE *control_file; + + path_dir_end = strrchr(path, '/'); + if (path_dir_end == NULL) +@@ -1408,15 +1549,47 @@ static int cg_set_control_value(char *path, const char *val) + return ECGROUPVALUENOTEXIST; + } + +- if (fprintf(control_file, "%s", val) < 0) { ++ /* Split the multiline value into lines. */ ++ /* One line is a special case of multiline value. */ ++ str_val = strdup(val); ++ if (str_val == NULL) { + last_errno = errno; +- fclose(control_file); ++ close(ctl_file); + return ECGOTHER; + } +- if (fclose(control_file) < 0) { ++ ++ str_val_start = str_val; ++ pos = str_val; ++ ++ do { ++ str_val = pos; ++ pos = strchr(str_val, '\n'); ++ ++ if (pos) { ++ *pos = '\0'; ++ ++pos; ++ } ++ ++ len = strlen(str_val); ++ if (len > 0) { ++ if (write(ctl_file, str_val, len) == -1) { ++ last_errno = errno; ++ free(str_val_start); ++ close(ctl_file); ++ return ECGOTHER; ++ } ++ } else ++ cgroup_warn("Warning: skipping empty line for %s\n", ++ path); ++ } while(pos); ++ ++ if (close(ctl_file)) { + last_errno = errno; ++ free(str_val_start); + return ECGOTHER; + } ++ ++ free(str_val_start); + return 0; + } + +@@ -1897,15 +2070,23 @@ static int cg_move_task_files(FILE *input_tasks, FILE *output_tasks) + break; + + ret = fprintf(output_tasks, "%d", tids); +- if (ret < 0) +- break; ++ if (ret < 0) { ++ if (errno == ESRCH) ++ ret = 0; ++ else ++ break; ++ } + + /* + * Flush the file, we need only one process per write() call. + */ + ret = fflush(output_tasks); +- if (ret < 0) +- break; ++ if (ret < 0) { ++ if (errno == ESRCH) ++ ret = 0; ++ else ++ break; ++ } + } + + if (ret < 0) { +@@ -2594,13 +2775,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid, + /* Get the group data. */ + sp = &(rule->username[1]); + grp = getgrnam(sp); +- if (!grp) ++ if (!grp) { ++ rule = rule->next; + continue; ++ } + + /* Get the data for UID. */ + usr = getpwuid(uid); +- if (!usr) ++ if (!usr) { ++ rule = rule->next; + continue; ++ } + + /* If UID is a member of group, we matched. */ + for (i = 0; grp->gr_mem[i]; i++) { +@@ -3108,10 +3293,13 @@ int cgroup_change_all_cgroups(void) + return -ECGOTHER; + + while ((pid_dir = readdir(dir)) != NULL) { +- int err, pid; ++ int err, pid, tid; + uid_t euid; + gid_t egid; + char *procname = NULL; ++ DIR *tdir; ++ struct dirent *tid_dir = NULL; ++ char tpath[FILENAME_MAX] = { '\0' }; + + err = sscanf(pid_dir->d_name, "%i", &pid); + if (err < 1) +@@ -3125,11 +3313,24 @@ int cgroup_change_all_cgroups(void) + if (err) + continue; + +- err = cgroup_change_cgroup_flags(euid, +- egid, procname, pid, CGFLAG_USECACHE); +- if (err) +- cgroup_dbg("cgroup change pid %i failed\n", pid); ++ snprintf(tpath, FILENAME_MAX, "%s%d/task/", path, pid); ++ ++ tdir = opendir(tpath); ++ if (!tdir) ++ continue; ++ ++ while ((tid_dir = readdir(tdir)) != NULL) { ++ err = sscanf(tid_dir->d_name, "%i", &tid); ++ if (err < 1) ++ continue; ++ ++ err = cgroup_change_cgroup_flags(euid, ++ egid, procname, tid, CGFLAG_USECACHE); ++ if (err) ++ cgroup_dbg("cgroup change tid %i failed\n", tid); ++ } + ++ closedir(tdir); + free(procname); + } + +diff --git a/src/config.c b/src/config.c +index da2c0dd..090bea5 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -41,6 +41,8 @@ + #include <sys/stat.h> + #include <sys/types.h> + ++#include "tools/tools-common.h" ++ + unsigned int MAX_CGROUPS = 64; /* NOTE: This value changes dynamically */ + unsigned int MAX_TEMPLATES = 64; + /* NOTE: This value changes dynamically */ +@@ -89,6 +91,7 @@ static int config_template_table_index; + */ + static struct cgroup *template_table; + static int template_table_index; ++static struct cgroup_string_list *template_files; + + + /* +@@ -1572,6 +1575,161 @@ int cgroup_init_templates_cache(char *pathname) + + } + ++/** ++ * Setting source files of templates. This function has to be called before ++ * any call of cgroup_load_templates_cache_from_files. ++ * @param tmpl_files ++ */ ++void cgroup_templates_cache_set_source_files( ++ struct cgroup_string_list *tmpl_files) ++{ ++ template_files = tmpl_files; ++} ++ ++/** ++ * Appending cgroup templates parsed by parser to template_table ++ * @param offset number of templates already in the table ++ */ ++int cgroup_add_cgroup_templates(int offset) ++{ ++ int i, ti, ret; ++ ++ for (i = 0; i < config_template_table_index; i++) { ++ ti = i + offset; ++ ret = cgroup_copy_cgroup(&template_table[ti], ++ &config_template_table[i]); ++ if (ret) ++ return ret; ++ ++ strcpy((template_table[ti]).name, ++ (config_template_table[i]).name); ++ template_table[ti].tasks_uid = ++ config_template_table[i].tasks_uid; ++ template_table[ti].tasks_gid = ++ config_template_table[i].tasks_gid; ++ template_table[ti].task_fperm = ++ config_template_table[i].task_fperm; ++ template_table[ti].control_uid = ++ config_template_table[i].control_uid; ++ template_table[ti].control_gid = ++ config_template_table[i].control_gid; ++ template_table[ti].control_fperm = ++ config_template_table[i].control_fperm; ++ template_table[ti].control_dperm = ++ config_template_table[i].control_dperm; ++ } ++ ++ return 0; ++} ++ ++/** ++ * Expand template table based on new number of parsed templates, i.e. ++ * on value of config_template_table_index. ++ * Change value of template_table_index. ++ * @return 0 on success, < 0 on error ++ */ ++int cgroup_expand_template_table(void) ++{ ++ int i; ++ ++ template_table = realloc(template_table, ++ (template_table_index + config_template_table_index) ++ *sizeof(struct cgroup)); ++ ++ if (template_table == NULL) ++ return -ECGOTHER; ++ ++ for (i = 0; i < config_template_table_index; i++) ++ template_table[i + template_table_index].index = 0; ++ ++ template_table_index += config_template_table_index; ++ ++ return 0; ++} ++ ++/** ++ * Load the templates cache from files. Before calling this function, ++ * cgroup_templates_cache_set_source_files has to be called first. ++ * @param file_index index of file which was unable to be parsed ++ * @return 0 on success, > 0 on error ++ */ ++int cgroup_load_templates_cache_from_files(int *file_index) ++{ ++ int ret; ++ int i, j; ++ int template_table_last_index; ++ char *pathname; ++ ++ if (!template_files) { ++ /* source files has not been set */ ++ cgroup_dbg("Template source files have not been set. "); ++ cgroup_dbg("Using only %s\n", CGCONFIG_CONF_FILE); ++ ++ if (template_table_index == 0) ++ /* the rules cache is empty */ ++ return cgroup_init_templates_cache( ++ CGCONFIG_CONF_FILE); ++ else ++ /* cache is not empty */ ++ return cgroup_reload_cached_templates( ++ CGCONFIG_CONF_FILE); ++ } ++ ++ if (template_table) { ++ /* template structures have to be free */ ++ for (i = 0; i < template_table_index; i++) ++ cgroup_free_controllers(&template_table[i]); ++ free(template_table); ++ template_table = NULL; ++ } ++ template_table_index = 0; ++ ++ if ((config_template_table_index != 0) || (config_table_index != 0)) { ++ /* config structures have to be clean before parsing */ ++ cgroup_free_config(); ++ } ++ ++ for (j = 0; j < template_files->count; j++) { ++ pathname = template_files->items[j]; ++ ++ cgroup_dbg("Parsing templates from %s.\n", pathname); ++ /* Attempt to read the configuration file ++ * and cache the rules. */ ++ ret = cgroup_parse_config(pathname); ++ if (ret) { ++ cgroup_dbg("Could not initialize rule cache, "); ++ cgroup_dbg("error was: %d\n", ret); ++ *file_index = j; ++ return ret; ++ } ++ ++ if (config_template_table_index > 0) { ++ template_table_last_index = template_table_index; ++ ret = cgroup_expand_template_table(); ++ if (ret) { ++ cgroup_dbg("Could not expand template table, "); ++ cgroup_dbg("error was: %d\n", -ret); ++ *file_index = j; ++ return -ret; ++ } ++ ++ /* copy template data to templates cache structures */ ++ cgroup_dbg("Copying templates to template table "); ++ cgroup_dbg("from %s.\n", pathname); ++ ret = cgroup_add_cgroup_templates( ++ template_table_last_index); ++ if (ret) { ++ cgroup_dbg("Unable to copy cgroup\n"); ++ *file_index = j; ++ return ret; ++ } ++ cgroup_dbg("Templates to template table copied\n"); ++ } ++ } ++ ++ return 0; ++} ++ + /* + * Create a given cgroup, based on template configuration if it is present + * if the template is not present cgroup is creted using cgroup_create_cgroup +@@ -1593,13 +1751,22 @@ int cgroup_config_create_template_group(struct cgroup *cgroup, + * use CGCONFIG_CONF_FILE by default + */ + if (!(flags & CGFLAG_USE_TEMPLATE_CACHE)) { +- if (template_table_index == 0) +- /* the rules cache is empty */ +- ret = cgroup_init_templates_cache(CGCONFIG_CONF_FILE); +- else +- /* cache is not empty */ +- ret = cgroup_reload_cached_templates( +- CGCONFIG_CONF_FILE); ++ int fileindex; ++ ++ /* the rules cache is empty */ ++ ret = cgroup_load_templates_cache_from_files( ++ &fileindex); ++ if (ret != 0) { ++ if (fileindex < 0) { ++ cgroup_dbg("Error: Template source files "); ++ cgroup_dbg("have not been set\n"); ++ } else { ++ cgroup_dbg("Error: Failed to load template"); ++ cgroup_dbg("rules from %s. ", ++ template_files->items[fileindex]); ++ } ++ } ++ + if (ret != 0) { + cgroup_dbg("Failed initialize templates cache.\n"); + return ret; +@@ -1659,7 +1826,7 @@ int cgroup_config_create_template_group(struct cgroup *cgroup, + /* no template is present for given name x controller pair + * add controller to result cgroup */ + aux_cgroup = cgroup_new_cgroup(cgroup->name); +- if (aux_cgroup) { ++ if (!aux_cgroup) { + ret = ECGINVAL; + fprintf(stderr, "cgroup %s can't be created\n", + cgroup->name); +diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am +index f3100ed..abbbe30 100644 +--- a/src/daemon/Makefile.am ++++ b/src/daemon/Makefile.am +@@ -1,9 +1,9 @@ +-INCLUDES = -I $(top_srcdir)/include ++INCLUDES = -I$(top_srcdir)/src -I$(top_srcdir)/include + + if WITH_DAEMON + + sbin_PROGRAMS = cgrulesengd +-cgrulesengd_SOURCES = cgrulesengd.c cgrulesengd.h ++cgrulesengd_SOURCES = cgrulesengd.c cgrulesengd.h ../tools/tools-common.h ../tools/tools-common.c + cgrulesengd_LDADD = $(top_builddir)/src/.libs/libcgroup.la -lrt + cgrulesengd_LDFLAGS = -L$(top_builddir)/src/.libs + +diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c +index 367b898..ea51f11 100644 +--- a/src/daemon/cgrulesengd.c ++++ b/src/daemon/cgrulesengd.c +@@ -34,6 +34,7 @@ + #include "libcgroup.h" + #include "cgrulesengd.h" + #include "../libcgroup-internal.h" ++#include "../tools/tools-common.h" + + #include <errno.h> + #include <stdarg.h> +@@ -59,6 +60,9 @@ + + #define NUM_PER_REALLOCATIOM (100) + ++/* list of config files from CGCONFIG_CONF_FILE and CGCONFIG_CONF_DIR */ ++static struct cgroup_string_list template_files; ++ + /* Log file, NULL if logging to file is disabled */ + FILE* logfile; + +@@ -936,6 +940,8 @@ void cgre_flash_rules(int signum) + /* Current time */ + time_t tm = time(0); + ++ int fileindex; ++ + flog(LOG_INFO, "Reloading rules configuration\n"); + flog(LOG_DEBUG, "Current time: %s\n", ctime(&tm)); + +@@ -949,7 +955,7 @@ void cgre_flash_rules(int signum) + } + + /* Ask libcgroup to reload the template rules table. */ +- cgroup_reload_cached_templates(CGCONFIG_CONF_FILE); ++ cgroup_load_templates_cache_from_files(&fileindex); + } + + /** +@@ -962,11 +968,13 @@ void cgre_flash_templates(int signum) + /* Current time */ + time_t tm = time(0); + ++ int fileindex; ++ + flog(LOG_INFO, "Reloading templates configuration.\n"); + flog(LOG_DEBUG, "Current time: %s\n", ctime(&tm)); + + /* Ask libcgroup to reload the templates table. */ +- cgroup_reload_cached_templates(CGCONFIG_CONF_FILE); ++ cgroup_load_templates_cache_from_files(&fileindex); + } + + /** +@@ -1069,6 +1077,8 @@ int main(int argc, char *argv[]) + {NULL, 0, NULL, 0} + }; + ++ int fileindex; ++ + /* Make sure the user is root. */ + if (getuid() != 0) { + fprintf(stderr, "Error: Only root can start/stop the control" +@@ -1180,6 +1190,25 @@ int main(int argc, char *argv[]) + } + + /* Ask libcgroup to load the configuration rules. */ ++ ret = cgroup_string_list_init(&template_files, ++ CGCONFIG_CONF_FILES_LIST_MINIMUM_SIZE); ++ if (ret) { ++ fprintf(stderr, "%s: cannot init file list, out of memory?\n", ++ argv[0]); ++ goto finished_without_temp_files; ++ } ++ /* first add CGCONFIG_CONF_FILE into file list */ ++ ret = cgroup_string_list_add_item(&template_files, CGCONFIG_CONF_FILE); ++ if (ret) { ++ fprintf(stderr, "%s: cannot add file to list, out of memory?\n" ++ , argv[0]); ++ goto finished; ++ } ++ ++ /* then read CGCONFIG_CONF_DIR directory for additional config files */ ++ cgroup_string_list_add_directory(&template_files, CGCONFIG_CONF_DIR, ++ argv[0]); ++ + if ((ret = cgroup_init_rules_cache()) != 0) { + fprintf(stderr, "Error: libcgroup failed to initialize rules" + "cache from %s. %s\n", CGRULES_CONF_FILE, +@@ -1188,11 +1217,18 @@ int main(int argc, char *argv[]) + } + + /* ask libcgroup to load template rules as well */ +- ret = cgroup_init_templates_cache(CGCONFIG_CONF_FILE); ++ cgroup_templates_cache_set_source_files(&template_files); ++ ret = cgroup_load_templates_cache_from_files(&fileindex); + if (ret != 0) { +- fprintf(stderr, "Error: libcgroup failed to initialize teplate"\ +- "rules from %s. %s\n", CGCONFIG_CONF_FILE, +- cgroup_strerror(ret)); ++ if (fileindex < 0) { ++ fprintf(stderr, "Error: Template source files "); ++ fprintf(stderr, "have not been set\n"); ++ } else { ++ fprintf(stderr, "Error: Failed to initialize template"); ++ fprintf(stderr, "rules from %s. ", ++ template_files.items[fileindex]); ++ fprintf(stderr, "%s\n", cgroup_strerror(-ret)); ++ } + goto finished; + } + +@@ -1259,6 +1295,9 @@ int main(int argc, char *argv[]) + ret = cgre_create_netlink_socket_process_msg(); + + finished: ++ cgroup_string_list_free(&template_files); ++ ++finished_without_temp_files: + if (logfile && logfile != stdout) + fclose(logfile); + +diff --git a/src/lex.l b/src/lex.l +index 1b357db..ecd212c 100644 +--- a/src/lex.l ++++ b/src/lex.l +@@ -42,8 +42,8 @@ jmp_buf parser_error_env; + "group" {return GROUP;} + "namespace" {return NAMESPACE;} + "template" {return TEMPLATE;} +-"default" {return DEFAULT;} +-[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;} ++"default" {yylval.name = strdup(yytext); return DEFAULT;} ++[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;} + \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; } + . {return yytext[0];} + %% +diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h +index 4c0f46c..9875dd9 100644 +--- a/src/libcgroup-internal.h ++++ b/src/libcgroup-internal.h +@@ -48,8 +48,12 @@ __BEGIN_DECLS + + + #define CGCONFIG_CONF_FILE "/etc/cgconfig.conf" ++/* Minimum number of file in template file list for cgrulesengd */ ++#define CGCONFIG_CONF_FILES_LIST_MINIMUM_SIZE 4 ++#define CGCONFIG_CONF_DIR "/etc/cgconfig.d" + + #define CGRULES_CONF_FILE "/etc/cgrules.conf" ++#define CGRULES_CONF_DIR "/etc/cgrules.d" + #define CGRULES_MAX_FIELDS_PER_LINE 3 + + #define CGROUP_BUFFER_LEN (5 * FILENAME_MAX) +diff --git a/src/libcgroup.map b/src/libcgroup.map +index b0c162c..8fe1990 100644 +--- a/src/libcgroup.map ++++ b/src/libcgroup.map +@@ -117,3 +117,15 @@ CGROUP_0.39 { + cgroup_log; + cgroup_parse_log_level_str; + } CGROUP_0.38; ++ ++CGROUP_0.40 { ++ cgroup_templates_cache_set_source_files; ++ cgroup_load_templates_cache_from_files; ++} CGROUP_0.39; ++ ++CGROUP_0.41 { ++} CGROUP_0.40; ++ ++CGROUP_0.42 { ++ cgroup_add_all_controllers; ++} CGROUP_0.41; +diff --git a/src/parse.y b/src/parse.y +index 9adbc0e..98f7699 100644 +--- a/src/parse.y ++++ b/src/parse.y +@@ -45,9 +45,9 @@ int yywrap(void) + int val; + struct cgroup_dictionary *values; + } +-%type <name> ID ++%type <name> ID DEFAULT + %type <val> mountvalue_conf mount task_namevalue_conf admin_namevalue_conf +-%type <val> admin_conf task_conf task_or_admin group_conf group start ++%type <val> admin_conf task_conf task_or_admin group_conf group start group_name + %type <val> namespace namespace_conf default default_conf + %type <values> namevalue_conf + %type <val> template template_conf +@@ -99,7 +99,7 @@ default_conf + } + ; + +-group : GROUP ID '{' group_conf '}' ++group : GROUP group_name '{' group_conf '}' + { + $$ = $4; + if ($$) { +@@ -119,6 +119,16 @@ group : GROUP ID '{' group_conf '}' + } + ; + ++group_name ++ : ID ++ { ++ $$ = $1; ++ } ++ | DEFAULT ++ { ++ $$ = $1; ++ } ++ + group_conf + : ID '{' namevalue_conf '}' + { +diff --git a/src/tools/cgcreate.c b/src/tools/cgcreate.c +index 73abd91..65b188a 100644 +--- a/src/tools/cgcreate.c ++++ b/src/tools/cgcreate.c +@@ -54,7 +54,6 @@ static void usage(int status, const char *program_name) + printf(" -t <tuid>:<tgid> Owner of the tasks file\n"); + } + +- + int main(int argc, char *argv[]) + { + int ret = 0; +@@ -195,16 +194,29 @@ int main(int argc, char *argv[]) + /* add controllers to the new cgroup */ + j = 0; + while (cgroup_list[i]->controllers[j]) { +- cgc = cgroup_add_controller(cgroup, +- cgroup_list[i]->controllers[j]); +- if (!cgc) { +- ret = ECGINVAL; +- fprintf(stderr, "%s: " +- "controller %s can't be add\n", +- argv[0], ++ if (strcmp(cgroup_list[i]->controllers[j], "*") == 0) { ++ /* it is meta character, add all controllers */ ++ ret = cgroup_add_all_controllers(cgroup); ++ if (ret != 0) { ++ ret = ECGINVAL; ++ fprintf(stderr, "%s: can't add ", ++ argv[0]); ++ fprintf(stderr, "all controllers\n"); ++ cgroup_free(&cgroup); ++ goto err; ++ } ++ } else { ++ cgc = cgroup_add_controller(cgroup, + cgroup_list[i]->controllers[j]); +- cgroup_free(&cgroup); +- goto err; ++ if (!cgc) { ++ ret = ECGINVAL; ++ fprintf(stderr, "%s: ", argv[0]); ++ fprintf(stderr, "controller %s", ++ cgroup_list[i]->controllers[j]); ++ fprintf(stderr, "can't be add\n"); ++ cgroup_free(&cgroup); ++ goto err; ++ } + } + j++; + } +diff --git a/src/tools/cgdelete.c b/src/tools/cgdelete.c +index 190310f..43cc47c 100644 +--- a/src/tools/cgdelete.c ++++ b/src/tools/cgdelete.c +@@ -33,6 +33,13 @@ static struct option const long_options[] = + {NULL, 0, NULL, 0} + }; + ++struct ext_cgroup_record { ++ char name[FILENAME_MAX]; /* controller name */ ++ char controller[FILENAME_MAX]; /* cgroup name */ ++ int h_number; /* hierarchy number */ ++}; ++ ++ + static void usage(int status, const char *program_name) + { + if (status != 0) { +@@ -51,6 +58,69 @@ static void usage(int status, const char *program_name) + "all subgroups\n"); + } + ++/* ++ * Skip adding controller which points to the same cgroup when delete ++ * cgroup with specifying multi controllers. Just skip controller which ++ * cgroup and hierarchy number is same ++ */ ++static int skip_add_controller(int counter, int *skip, ++ struct ext_cgroup_record *ecg_list) ++{ ++ int k; ++ struct controller_data info; ++ void *handle; ++ int ret = 0; ++ ++ /* find out hierarchy number of added cgroup */ ++ ecg_list[counter].h_number = 0; ++ ret = cgroup_get_all_controller_begin(&handle, &info); ++ while (ret == 0) { ++ if (!strcmp(info.name, ecg_list[counter].name)) { ++ /* hierarchy number found out, set it */ ++ ecg_list[counter].h_number = info.hierarchy; ++ break; ++ } ++ ret = cgroup_get_all_controller_next(&handle, &info); ++ } ++ cgroup_get_all_controller_end(&handle); ++ ++ /* deal with cgroup_get_controller_begin/next ret values */ ++ if (ret == ECGEOF) ++ ret = 0; ++ if (ret) { ++ fprintf(stderr, "cgroup_get_controller_begin/next failed(%s)\n", ++ cgroup_strerror(ret)); ++ return ret; ++ } ++ ++ /* found out whether the hierarchy should be skipped */ ++ *skip = 0; ++ for (k = 0; k < counter; k++) { ++ if ((!strcmp(ecg_list[k].name, ecg_list[counter].name)) && ++ (ecg_list[k].h_number == ecg_list[counter].h_number)) { ++ /* we found a control group in the same hierarchy */ ++ if (strcmp(ecg_list[k].controller, ++ ecg_list[counter].controller)) { ++ /* ++ * it is a different controller -> ++ * if there is not one cgroup for the same ++ * controller, skip it ++ */ ++ *skip = 1; ++ } else { ++ /* ++ * there is the identical group,controller pair ++ * don't skip it ++ */ ++ *skip = 0; ++ return ret; ++ } ++ } ++ } ++ ++ return ret; ++} ++ + + int main(int argc, char *argv[]) + { +@@ -60,6 +130,11 @@ int main(int argc, char *argv[]) + int flags = 0; + int final_ret = 0; + ++ int counter = 0; ++ int max = 0; ++ struct ext_cgroup_record *ecg_list = NULL; ++ int skip; ++ + struct cgroup_group_spec **cgroup_list = NULL; + struct cgroup *cgroup; + struct cgroup_controller *cgc; +@@ -80,6 +155,13 @@ int main(int argc, char *argv[]) + goto err; + } + ++ ecg_list = calloc(argc, sizeof(struct ext_cgroup_record *)); ++ if (cgroup_list == NULL) { ++ fprintf(stderr, "%s: out of memory\n", argv[0]); ++ ret = -1; ++ goto err; ++ } ++ + /* + * Parse arguments + */ +@@ -138,6 +220,44 @@ int main(int argc, char *argv[]) + /* add controllers to the cgroup */ + j = 0; + while (cgroup_list[i]->controllers[j]) { ++ skip = 0; ++ /* ++ * save controller name, cg name and hierarchy number ++ * to determine whether we should skip adding controller ++ */ ++ if (counter == max) { ++ /* ++ * there is not enough space to store them, ++ * create it ++ */ ++ max = max + argc; ++ ecg_list = (struct ext_cgroup_record *) ++ realloc(ecg_list, ++ max * sizeof(struct ext_cgroup_record)); ++ if (!ecg_list) { ++ fprintf(stderr, "%s: ", argv[0]); ++ fprintf(stderr, "not enough memory\n"); ++ final_ret = -1; ++ goto err; ++ } ++ } ++ ++ strncpy(ecg_list[counter].controller, ++ cgroup_list[i]->controllers[j], FILENAME_MAX); ++ ecg_list[counter].controller[FILENAME_MAX - 1] = '\0'; ++ strncpy(ecg_list[counter].name, ++ cgroup_list[i]->path, FILENAME_MAX); ++ ecg_list[counter].name[FILENAME_MAX - 1] = '\0'; ++ ++ ret = skip_add_controller(counter, &skip, ecg_list); ++ if (ret) ++ goto err; ++ ++ if (skip) { ++ /* don't add the controller, goto next one */ ++ goto next; ++ } ++ + cgc = cgroup_add_controller(cgroup, + cgroup_list[i]->controllers[j]); + if (!cgc) { +@@ -149,6 +269,8 @@ int main(int argc, char *argv[]) + cgroup_free(&cgroup); + goto err; + } ++next: ++ counter++; + j++; + } + +@@ -167,6 +289,9 @@ int main(int argc, char *argv[]) + + ret = final_ret; + err: ++ if (ecg_list) ++ free(ecg_list); ++ + if (cgroup_list) { + for (i = 0; i < argc; i++) { + if (cgroup_list[i]) +diff --git a/src/tools/tools-common.h b/src/tools/tools-common.h +index e05465f..c723eb4 100644 +--- a/src/tools/tools-common.h ++++ b/src/tools/tools-common.h +@@ -20,7 +20,7 @@ + + #include "config.h" + #include <libcgroup.h> +-#include <libcgroup-internal.h> ++#include "../libcgroup-internal.h" + + #define cgroup_err(x...) cgroup_log(CGROUP_LOG_ERROR, x) + #define cgroup_warn(x...) cgroup_log(CGROUP_LOG_WARNING, x) +diff --git a/src/wrapper.c b/src/wrapper.c +index c03472a..3a9331f 100644 +--- a/src/wrapper.c ++++ b/src/wrapper.c +@@ -92,6 +92,56 @@ struct cgroup_controller *cgroup_add_controller(struct cgroup *cgroup, + return controller; + } + ++int cgroup_add_all_controllers(struct cgroup *cgroup) ++{ ++ int ret; ++ void *handle; ++ struct controller_data info; ++ struct cgroup_controller *cgc; ++ ++ /* go through the controller list */ ++ ret = cgroup_get_all_controller_begin(&handle, &info); ++ if ((ret != 0) && (ret != ECGEOF)) { ++ fprintf(stderr, "cannot read controller data: %s\n", ++ cgroup_strerror(ret)); ++ return ret; ++ } ++ ++ while (ret == 0) { ++ if (info.hierarchy == 0) { ++ /* the controller is not attached to any hierarchy ++ skip it */ ++ goto next; ++ } ++ ++ /* add mounted controller to cgroup structure */ ++ cgc = cgroup_add_controller(cgroup, info.name); ++ if (!cgc) { ++ ret = ECGINVAL; ++ fprintf(stderr, "controller %s can't be add\n", ++ info.name); ++ } ++ ++next: ++ ret = cgroup_get_all_controller_next(&handle, &info); ++ if (ret && ret != ECGEOF) ++ goto end; ++ } ++ ++end: ++ cgroup_get_all_controller_end(&handle); ++ ++ if (ret == ECGEOF) ++ ret = 0; ++ ++ if (ret) ++ fprintf(stderr, ++ "cgroup_get_controller_begin/next failed (%s)\n", ++ cgroup_strerror(ret)); ++ ++ return ret; ++} ++ + void cgroup_free_controllers(struct cgroup *cgroup) + { + int i, j; |