diff options
author | Jan Safranek <jsafrane@redhat.com> | 2009-05-26 15:10:04 +0200 |
---|---|---|
committer | Jan Safranek <jsafrane@redhat.com> | 2009-05-26 15:10:04 +0200 |
commit | 5d4c157d29b7dba3081dd274a4c9d0eaa5bac63e (patch) | |
tree | 25370db0f5ed6466655834e8be32ba44e9f04220 /src/daemon | |
parent | 37f11368ff2aca9ff736bd569ca58f48623c200b (diff) | |
download | libcg-review/daemon-exec.tar.gz libcg-review/daemon-exec.tar.xz libcg-review/daemon-exec.zip |
A process name is changed when execve(2), so a new rule based on
process name should be applied when execve(2) happens.
Then this patch adds an EXEC event to the event handler.
TODO:
=====
* The cgroup directory, which is specified by `cgexec` command, is
ignored because this patch adds an EXEC event to the event handler.
This problem should be fixed.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/cgrulesengd.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c index ea093ad..511d44e 100644 --- a/src/daemon/cgrulesengd.c +++ b/src/daemon/cgrulesengd.c @@ -276,6 +276,9 @@ int cgre_process_event(const struct proc_event *ev, const int type) return 0; pid = ev->event_data.fork.child_pid; break; + case PROC_EVENT_EXEC: + pid = ev->event_data.exec.process_pid; + break; default: break; } @@ -293,25 +296,25 @@ int cgre_process_event(const struct proc_event *ev, const int type) case PROC_EVENT_UID: log_uid = ev->event_data.id.e.euid; log_gid = egid; - ret = cgre_change_cgroup_uid_gid( - ev->event_data.id.e.euid, - egid, pid); + euid = ev->event_data.id.e.euid; break; case PROC_EVENT_GID: log_uid = euid; log_gid = ev->event_data.id.e.egid; - ret = cgre_change_cgroup_uid_gid(euid, - ev->event_data.id.e.egid, pid); + egid = ev->event_data.id.e.egid; break; case PROC_EVENT_FORK: log_uid = euid; log_gid = egid; - ret = cgre_change_cgroup_uid_gid(euid, egid, pid); + break; + case PROC_EVENT_EXEC: + log_uid = euid; + log_gid = egid; break; default: break; } - + ret = cgre_change_cgroup_uid_gid(euid, egid, pid); if (ret) { /* * TODO: add some supression, do not spam log when every group @@ -365,6 +368,12 @@ int cgre_handle_msg(struct cn_msg *cn_hdr) case PROC_EVENT_FORK: ret = cgre_process_event(ev, PROC_EVENT_FORK); break; + case PROC_EVENT_EXEC: + flog(LOG_DEBUG, "EXEC Event: PID = %d, tGID = %d", + ev->event_data.exec.process_pid, + ev->event_data.exec.process_tgid); + ret = cgre_process_event(ev, PROC_EVENT_EXEC); + break; default: break; } |