diff options
| -rw-r--r-- | Makefile.in | 11 | ||||
| -rw-r--r-- | cgclassify.c | 148 |
2 files changed, 156 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in index ba6a7a3..7fdff9a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -29,7 +29,7 @@ PACKAGE_VERSION=@PACKAGE_VERSION@ CFLAGS=@CFLAGS@ $(INC) -DPACKAGE_VERSION=$(PACKAGE_VERSION) VERSION=1 -all: libcgroup.so cgconfigparser cgexec +all: libcgroup.so cgconfigparser cgexec cgclassify cgconfigparser: libcgroup.so config.c y.tab.c lex.yy.c libcgroup.h file-ops.c $(CC) $(CFLAGS) -o $@ y.tab.c lex.yy.c config.c file-ops.c \ @@ -38,6 +38,9 @@ cgconfigparser: libcgroup.so config.c y.tab.c lex.yy.c libcgroup.h file-ops.c cgexec: libcgroup.so cgexec.c libcgroup.h $(CC) $(CFLAGS) -Wall -o $@ cgexec.c $(LDFLAGS) $(LIBS) +cgclassify: cgclassify.c + $(CC) $(CFLAGS) -Wall -o $@ cgclassify.c $(LDFLAGS) $(LIBS) + y.tab.c: parse.y lex.yy.c $(YACC) -v -d parse.y @@ -49,13 +52,14 @@ libcgroup.so: api.c libcgroup.h wrapper.c wrapper.c ln -sf $@ $@.$(VERSION) -install: libcgroup.so cgexec +install: libcgroup.so cgexec cgclassify $(INSTALL_DATA) -D libcgroup.h $(DESTDIR)$(includedir)/libcgroup.h $(INSTALL) -D libcgroup.so $(DESTDIR)$(libdir)/libcgroup-$(PACKAGE_VERSION).so ln -sf libcgroup-$(PACKAGE_VERSION).so $(DESTDIR)$(libdir)/libcgroup.so.$(VERSION) ln -sf libcgroup.so.$(VERSION) $(DESTDIR)$(libdir)/libcgroup.so $(INSTALL) -D cgconfigparser $(DESTDIR)$(sbindir) $(INSTALL) cgexec $(DESTDIR)$(bindir)/cgexec + $(INSTALL) cgclassify $(DESTDIR)$(bindir)/cgclassify uninstall: libcgroup.so rm -f $(DESTDIR)$(includedir)/libcgroup.h @@ -64,7 +68,8 @@ uninstall: libcgroup.so rm -f $(DESTDIR)$(libdir)/libcgroup-$(PACKAGE_VERSION).so rm -f $(DESTDIR)$(sbindir)/cgconfigparser rm -f $(DESTDIR)$(bindir)/cgexec + rm -f $(DESTDIR)$(bindir)/cgclassify clean: - \rm -f y.tab.c y.tab.h lex.yy.c y.output libcgroup.so \ + \rm -f y.tab.c y.tab.h lex.yy.c y.output libcgroup.so cgclassify\ libcgroup.so.$(VERSION) cgconfigparser config.log config.status cgexec diff --git a/cgclassify.c b/cgclassify.c new file mode 100644 index 0000000..556ed3f --- /dev/null +++ b/cgclassify.c @@ -0,0 +1,148 @@ +/* + * Copyright RedHat Inc. 2008 + * + * Authors: Vivek Goyal <vgoyal@redhat.com> + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of version 2.1 of the GNU Lesser General Public License + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <libcgroup.h> +#include <limits.h> +#include <pwd.h> +#include <unistd.h> +#include <getopt.h> +#include <sys/mount.h> +#include <sys/stat.h> +#include <sys/types.h> + +#define TEMP_BUF 81 + +/* + * Go through /proc/<pid>/status file to determine the euid of the + * process. + * It returns 0 on success and negative values on failure. + */ + +int euid_of_pid(pid_t pid) +{ + FILE *fp; + char path[FILENAME_MAX]; + char buf[TEMP_BUF]; + uid_t ruid, euid, suid, fsuid; + + sprintf(path, "/proc/%d/status", pid); + fp = fopen(path, "r"); + if (!fp) { + fprintf(stderr, "Error in opening file %s:%s\n", path, + strerror(errno)); + return -1; + } + + while (fgets(buf, TEMP_BUF, fp)) { + if (!strncmp(buf, "Uid:", 4)) { + sscanf((buf + 5), "%d%d%d%d", (int *)&ruid, + (int *)&euid, (int *)&suid, (int *)&fsuid); + dbg("Scanned proc values are %d %d %d %d\n", + ruid, euid, suid, fsuid); + return euid; + } + } + + /* If we are here, we could not find euid. Return error. */ + return -1; +} + +/* + * Go through /proc/<pid>/status file to determine the egid of the + * process. + * It returns 0 on success and negative values on failure. + */ + +int egid_of_pid(pid_t pid) +{ + FILE *fp; + char path[FILENAME_MAX]; + char buf[TEMP_BUF]; + gid_t rgid, egid, sgid, fsgid; + + sprintf(path, "/proc/%d/status", pid); + fp = fopen(path, "r"); + if (!fp) { + fprintf(stderr, "Error in opening file %s:%s\n", path, + strerror(errno)); + return -1; + } + + while (fgets(buf, TEMP_BUF, fp)) { + if (!strncmp(buf, "Gid:", 4)) { + sscanf((buf + 5), "%d%d%d%d", (int *)&rgid, + (int *)&egid, (int *)&sgid, (int *)&fsgid); + dbg("Scanned proc values are %d %d %d %d\n", + rgid, egid, sgid, fsgid); + return egid; + } + } + + /* If we are here, we could not find egid. Return error. */ + return -1; +} + +int main(int argc, char *argv[]) +{ + int ret = 0, i; + uid_t euid; + gid_t egid; + pid_t pid; + + if (argc < 2) { + fprintf(stderr, "usage is %s <list of pids> \n", + argv[0]); + exit(2); + } + + + /* Initialize libcg */ + ret = cgroup_init(); + if (ret) { + fprintf(stderr, "libcgroup initialization failed:%d\n", ret); + return ret; + } + + /* Put pids into right cgroups as per rules in /etc/cgrules.conf */ + for (i = 1; i < argc; i++) { + pid = (uid_t) atoi(argv[i]); + euid = euid_of_pid(pid); + if (euid == -1) { + fprintf(stderr, "Error in determining euid of" + " pid %d\n", pid); + return -1; + } + + egid = egid_of_pid(pid); + if (egid == -1) { + fprintf(stderr, "Error in determining egid of" + " pid %d\n", pid); + return -1; + } + + /* Change the cgroup by determining the rules based on uid */ + ret = cgroup_change_cgroup_uid_gid(euid, egid, pid); + if (ret) { + fprintf(stderr, "Error: change of cgroup failed for" + " pid %d\n", pid); + return ret; + } + } + return 0; +} |