author | Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp> | 2009-06-26 14:50:09 +0900 |
---|---|---|
committer | Dhaval Giani <dhaval@linux.vnet.ibm.com> | 2009-06-29 16:47:32 +0530 |
commit | b6777528cc8ce46ce4d1ef888d62f2c5c5f27275 (patch) | |
tree | 0d5ef9331bc525f2d42c3835962a748bdadb44a4 /src/daemon | |
parent | 495c45c844522c29ee4d0a26942e894f1346c237 (diff) | |
Add a exec event to the event handler of cgrulesengd daemon.
Hi,
Changelog of v6:
================
* Change the cgroup_get_procname_from_procfs() calling for the
returning value's change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* No change.
Changelog of v3:
================
* No change.
Changelog of v2:
================
* No change.
Description:
============
A process name changes on execve(2), so a rule based on the
process name should be applied when execve(2) happens.
This patch therefore adds an EXEC event to the event handler.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/cgrulesengd.c | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
index 4c71283..0eacbbc 100644
--- a/src/daemon/cgrulesengd.c
+++ b/src/daemon/cgrulesengd.c
@@ -226,7 +226,7 @@ static int cgre_was_parent_changed_when_forking(const struct proc_event *ev)
 return 0;
 }
-static int cgre_change_cgroup_uid_gid(const uid_t uid, const gid_t gid,
+static int cgre_change_cgroup(const uid_t uid, const gid_t gid, char *procname,
 const pid_t pid)
 {
 int ret;
@@ -240,7 +240,7 @@ static int cgre_change_cgroup_uid_gid(const uid_t uid, const gid_t gid,
 sigaddset(&sigset, SIGUSR2);
 sigprocmask(SIG_BLOCK, &sigset, NULL);
- ret = cgroup_change_cgroup_uid_gid_flags(uid, gid, pid,
+ ret = cgroup_change_cgroup_flags(uid, gid, procname, pid,
 CGFLAG_USECACHE);
 sigprocmask(SIG_UNBLOCK, &sigset, NULL);
@@ -257,6 +257,7 @@ static int cgre_change_cgroup_uid_gid(const uid_t uid, const gid_t gid,
 */
 int cgre_process_event(const struct proc_event *ev, const int type)
 {
+ char *procname;
 pid_t pid = 0, log_pid = 0;
 uid_t euid, log_uid = 0;
 gid_t egid, log_gid = 0;
@@ -277,6 +278,9 @@ int cgre_process_event(const struct proc_event *ev, const int type)
 return 0;
 pid = ev->event_data.fork.child_pid;
 break;
+ case PROC_EVENT_EXEC:
+ pid = ev->event_data.exec.process_pid;
+ break;
 default:
 break;
 }
@@ -288,6 +292,12 @@ int cgre_process_event(const struct proc_event *ev, const int type)
 else if (ret)
 return ret;
+ ret = cgroup_get_procname_from_procfs(pid, &procname);
+ if (ret == ECGROUPNOTEXIST)
+ return 0;
+ else if (ret)
+ return ret;
+
 /*
 * Now that we have the UID, the GID, and the PID, we can make a call
 * to libcgroup to change the cgroup for this PID.
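Review bot: In the last hunk on this line, the new `cgroup_get_procname_from_procfs(pid, &procname)` lookup sits ahead of the switch, so any failure of it now returns before UID, GID and FORK events are classified, although those rules needed no process name before this commit. If `cgroup_change_cgroup_flags` can match without a name (not visible here), falling back to the uid/gid match would avoid silently skipping classification for processes whose name cannot be read. The name is also read from procfs after the kernel event was delivered, so the PID may have exec'd again or exited in between, and depending on how the helper derives the string it may be influenced by the process itself; a comment such as `/* procname is sampled after the event and may be chosen by the process: name rules are not a security boundary */` would record that. Declaring `char *procname = NULL;` in the earlier declaration hunk keeps the later `free(procname)` well-defined if another early-exit path is added. The body of cgre_process_event continues outside these hunks.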
@@ -297,25 +307,25 @@ int cgre_process_event(const struct proc_event *ev, const int type)
 case PROC_EVENT_UID:
 log_uid = ev->event_data.id.e.euid;
 log_gid = egid;
- ret = cgre_change_cgroup_uid_gid(
- ev->event_data.id.e.euid,
- egid, pid);
+ euid = ev->event_data.id.e.euid;
 break;
 case PROC_EVENT_GID:
 log_uid = euid;
 log_gid = ev->event_data.id.e.egid;
- ret = cgre_change_cgroup_uid_gid(euid,
- ev->event_data.id.e.egid, pid);
+ egid = ev->event_data.id.e.egid;
 break;
 case PROC_EVENT_FORK:
 log_uid = euid;
 log_gid = egid;
- ret = cgre_change_cgroup_uid_gid(euid, egid, pid);
+ break;
+ case PROC_EVENT_EXEC:
+ log_uid = euid;
+ log_gid = egid;
 break;
 default:
 break;
 }
-
+ ret = cgre_change_cgroup(euid, egid, procname, pid);
 if (ret) {
 /*
 * TODO: add some supression, do not spam log when every group
@@ -329,6 +339,7 @@ int cgre_process_event(const struct proc_event *ev, const int type)
 flog(LOG_INFO, "Cgroup change for PID: %d, UID: %d, GID: %d OK",
 log_pid, log_uid, log_gid);
 }
+ free(procname);
 return ret;
 }
@@ -369,6 +380,12 @@ int cgre_handle_msg(struct cn_msg *cn_hdr)
 case PROC_EVENT_FORK:
 ret = cgre_process_event(ev, PROC_EVENT_FORK);
 break;
+ case PROC_EVENT_EXEC:
+ flog(LOG_DEBUG, "EXEC Event: PID = %d, tGID = %d",
+ ev->event_data.exec.process_pid,
+ ev->event_data.exec.process_tgid);
+ ret = cgre_process_event(ev, PROC_EVENT_EXEC);
+ break;
 default:
 break;
 }
|
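Review bot: In the first hunk on this line, hoisting the call below the switch means `cgre_change_cgroup(euid, egid, procname, pid)` now also runs for the `default:` arm, whereas before this commit an unrecognised event type changed no cgroup. On that path the first switch leaves `pid` at 0 and `log_uid`/`log_gid` keep their initial 0, so the daemon would attempt a move and log it with placeholder values. cgre_handle_msg passes only the four known types in this diff, so the path is latent, but making the arm explicit keeps it harmless: `default: free(procname); return 0;`. The switch opens outside the hunk, so the placement should be checked against the full function.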