authorJan Safranek <jsafrane@redhat.com>2009-05-26 15:10:04 +0200
committerJan Safranek <jsafrane@redhat.com>2009-05-26 15:10:04 +0200
commit5d4c157d29b7dba3081dd274a4c9d0eaa5bac63e (patch)
tree25370db0f5ed6466655834e8be32ba44e9f04220
parent37f11368ff2aca9ff736bd569ca58f48623c200b (diff)
A process's name changes on execve(2), so rules based on the process name should be re-applied when execve(2) happens. This patch therefore adds an EXEC event to the event handler. TODO: ===== * The cgroup directory specified by the `cgexec` command is ignored, because this patch adds an EXEC event to the event handler. This problem should be fixed. Thanks Ken'ichi Ohmichi Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
-rw-r--r--src/daemon/cgrulesengd.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index ea093ad..511d44e 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -276,6 +276,9 @@ int cgre_process_event(const struct proc_event *ev, const int type)
return 0;
pid = ev->event_data.fork.child_pid;
break;
+ case PROC_EVENT_EXEC:
+ pid = ev->event_data.exec.process_pid;
+ break;
default:
break;
}
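Review bot: The new `case PROC_EVENT_EXEC:` carries no comment saying why an exec event triggers reclassification, so a reader only learns the reason from the commit message. A line above the case such as `/* exec changes the process name, so name-based rules must be re-evaluated */` would record it. The FORK case just above has an early `return 0` whose condition lies outside this hunk, so whether EXEC needs the same filter cannot be judged from the visible lines. cgre_process_event starts before and ends after this hunk.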
@@ -293,25 +296,25 @@ int cgre_process_event(const struct proc_event *ev, const int type)
case PROC_EVENT_UID:
log_uid = ev->event_data.id.e.euid;
log_gid = egid;
- ret = cgre_change_cgroup_uid_gid(
- ev->event_data.id.e.euid,
- egid, pid);
+ euid = ev->event_data.id.e.euid;
break;
case PROC_EVENT_GID:
log_uid = euid;
log_gid = ev->event_data.id.e.egid;
- ret = cgre_change_cgroup_uid_gid(euid,
- ev->event_data.id.e.egid, pid);
+ egid = ev->event_data.id.e.egid;
break;
case PROC_EVENT_FORK:
log_uid = euid;
log_gid = egid;
- ret = cgre_change_cgroup_uid_gid(euid, egid, pid);
+ break;
+ case PROC_EVENT_EXEC:
+ log_uid = euid;
+ log_gid = egid;
break;
default:
break;
}
-
+ ret = cgre_change_cgroup_uid_gid(euid, egid, pid);
if (ret) {
/*
* TODO: add some supression, do not spam log when every group
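Review bot: Moving `ret = cgre_change_cgroup_uid_gid(euid, egid, pid);` below the switch makes it run for the `default:` branch as well, which previously changed no cgroup. In that branch neither this switch nor the one in the first hunk assigns `pid`, `log_uid` or `log_gid`, so unless they are initialised at declaration (outside the hunk) the daemon would move and log a process based on unset values. The callers visible in cgre_handle_msg pass only the four handled types, so this looks unreachable today, but `default: return 0;` in this switch would keep the old behaviour if another event type is wired up later. The FORK and EXEC cases are now identical and could share one body through stacked case labels. The function begins before this hunk and the TODO comment continues past it.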
@@ -365,6 +368,12 @@ int cgre_handle_msg(struct cn_msg *cn_hdr)
case PROC_EVENT_FORK:
ret = cgre_process_event(ev, PROC_EVENT_FORK);
break;
+ case PROC_EVENT_EXEC:
+ flog(LOG_DEBUG, "EXEC Event: PID = %d, tGID = %d",
+ ev->event_data.exec.process_pid,
+ ev->event_data.exec.process_tgid);
+ ret = cgre_process_event(ev, PROC_EVENT_EXEC);
+ break;
default:
break;
}