| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
| |
Add man page for cgdelete.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Don't limit the number of groups cgcreate can create, allocate them
dynamically. The size of allocated space for the group is only aproximate, but
still should be better than hard CG_HIER_MAX.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
| |
Don't limit the number of groups cgdelete can remove, allocate them
dynamically.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some libcgroup tools are limited to CG_HIER_MAX arguments. This hard limit
is suitable only to some of the tools, namely cgdelete and cgcreate should not
be limited to any particular numbers of groups to create/delete.
This patches removes the hard limit from tools-common.c and puts it to the
individual tools.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
| |
Add a manpage for cgclear
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
Reviewed-by : Ivana Hutarova Varekova <varekova@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
files, we should remove this one too. "autoreconf" creates it when needed.
I am annoyed by reverting changes in it when I post git patches - the file
seems to change quite often, especially when I play with automake/autoconf.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Oops, I sent older working version, here is correct one. I need to rest :(.
Here is the correct one:
All binaries are compiled with '-lpam' if --enable-pam is specified (and it
is on by default). We want only the PAM module linked with it.
The autoconf manual says about AC_CHECK_LIB:
If action-if-found is not specified, the default action prepends
-llibrary to LIBS
And the action-if-found we used was '[]', i.e. empty -> -lpam was added to
LIBS -> everything links with it. Simple action-if-found overrides this
default.
Changelog:
- use 'dnl' as comments and ':' as the 'noop' action to reflect autoconf
coding style.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
IMHO libcgroup is not part of "Development/Libraries" group - only the devel
subpackage is. Question is, part of which group it is. Looking at
https://fedoraproject.org/wiki/RPMGroups, I like "System
Environment/Libraries" (the package provides library) or "Applications/System"
the package provides various system tools).
What is your opinion?
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
As discussed on IRC, it might be nice to distribute the PAM module as
separate subpackage.
Regarding the Group:, it seems to me all PAM modules are in "System
Environment/Base" group, so let's put this one there too.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
We have some new tools available in /bin and /sbin and we should distribute
them.
Changelog:
- list the files instead of using wildcard
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
| |
This patch removes the excess "/"'s and makes the output
more readable. Please test on your systems as well.
Signed-off-by: Balbir Singh <balbir@linux.vnet.ibm.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description:
create tool which shows cgroups which are on system:
Usage: lscgroup [<controllers>:<path>] [...]
list all cgroups
Changes since V1(the previous versions was not enumerated):
* fix the format of comments which have more than 1 line
* printf of help -> fprintf(stdout,...
* change the sequence of processing of cgroups on input (now
first) and internal controller list(first in the previous version), now the
cgroups are output in order in which they are put to input
* fix return values/error messages - now if the controller is not mount
the tool return error - it returns 0 otherwise
Changes since V2
* fix problem with slash characters
( $ lscgroup cpu:/1/2
cpu:/1/2/
cpu:/1/2/1
$ lscgroup cpu:1/2
cpu:/2/
cpu:/2/1 )
Changes since V3
* rename the variables (dp1 -> cgroup_dir_path, dp2 -> input_dir_path)
* improve the coding style
Examples:
$ lscgroup
devices:/
devices:/sysdefault
cpuset,cpuacct:/
cpuset,cpuacct:/sysdefault
cpuset,cpuacct:/daemons
cpuset,cpuacct:/daemons/ftp
$ lscgroup cpuset:/
cpuset,cpuacct:/
cpuset,cpuacct:/sysdefault
cpuset,cpuacct:/daemons
cpuset,cpuacct:/daemons/ftp
$ lscgroup cpuset:/daemons
cpuset,cpuacct:/daemons/
cpuset,cpuacct:/daemons/ftp
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
If a cgrulesengd daemon receives a SIGUSR2 signal (for reloading rules
configuration) while waiting in select(), a daemon finishes incorrectly
due to an "Interrupted system call" error.
If applying a patch "Add the strings of errno to cgrulesengd daemon's
message." and running `service cgred reload`, you can see the message
"selecting error: Interrupted system call". This patch fixes the problem.
There were some problems the deadlock happens related to a SIGUSR2 signal
and they have been fixed by the followings already:
* [PATCH] Fix the deadlock of vsyslog() call.
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg;a=commit;h=70111cd03653c3ceab9d907c14fa35e5881b2735
* [PATCH] Fix the deadlock of rl_lock.
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg;a=commit;h=0241c6f1df5068c006f756005c8e7faa63058c27
The above two patches fixed the problems by protecting the important
codes from receiving a SIGUSR2 signal. But this way was not good, because
the protecting code will be necessary if increasing the important codes.
Instead of protecting the important codes, this patch restricts the
effective range of receiving SIGUSR2 signal. So we will not need to add
a new protecting code by this patch.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
This patch adds the strings of errno to cgrulesengd daemon's message.
For investigating a problem that cgrulesengd daemon finishes by
`service cgred reload`, I added the strings of errno to the daemon's
message. This strings were useful for investigating.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Description:
Show controller, which are mounted/which are on input
and if option -m is used shows the mount point on which are mounted:
Changes since V1(the previous versions was not enumerated):
* fix the size of array cont_name - so no allocation and c_max variable
removed
* change the sequence of processing of controllers list on input (now
first) and internal controller list(first in the previous version), now the
controllers are output in order in which they are put to input
* fix return values/error messages - now if the controller is not mount
the tool return error - it returns 0 otherwise
Changes since V2
* fix the format of comments which have more than 1 line
Changes since V3
* printf of help -> fprintf(stdout,
Syntax:
lssubsys [-m] [controller1] [controller2] [...]
-m - show mount points
Examples:
$lssubsys -m cpuacct
cpuset,cpuacct /mnt/cgroups/cpuset
$ lssubsys
devices
cpuset,cpuacct
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
The macro and assosicated cg_version is not used anywhere and it generates
warning:
api.c:58:1: warning: "VERSION" redefined
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix following warnings:
test_functions.c: In function ‘group_modified’:
test_functions.c:435: warning: format ‘%d’ expects type ‘int *’, but argument
3 has type ‘_Bool *’
test_functions.c:440: warning: format ‘%lld’ expects type ‘long long int *’,
but argument 3 has type ‘int64_t *’
test_functions.c:445: warning: format ‘%llu’ expects type ‘long long unsigned
int *’, but argument 3 has type ‘u_int64_t *’
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
| |
libcgroup.h includes some header files, which are not then used. These should
be removed, resp. moved to the source files where they are actually needed.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Let's reformat cgroup_strerror output from
Cgroup generic error, error message: Device or resource busy
to shorter and clearer
Device or resource busy
The patch assumes that _GNU_SOURCE is defined.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
get_all_controller.c: In function ‘main’:
get_all_controller.c:18: warning: passing argument 1 of ‘cgroup_get_all_controller_begin’ from incompatible pointer type
get_all_controller.c:23: warning: passing argument 1 of ‘cgroup_get_all_controller_next’ from incompatible pointer type
get_all_controller.c:31: warning: passing argument 1 of ‘cgroup_get_all_controller_end’ from incompatible pointer type
The test case used a FILE * instead of a void *. Correct this change (The datatype is opaque to the caller)
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
| |
The correct error code is ECGOTHER and not CGOTHER
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this patch add api for generating the list of all controllers (not only mount ones)
- it uses three functions:
cgroup_get_all_controller_begin
cgroup_get_all_controller_next
cgroup_get_all_controller_end
and structure:
struct controller_data {
char name[FILENAME_MAX];
int hierarchy;
int num_cgroups;
int enabled;
};
the data are read from /proc/cgroups file
Signed-off-by: Ivana Hutarova Varekova <varekova@redhat.com>
Reviewed-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Let's rework cgroup_config_unload_controller to use the brand new recursive
removal of groups. It saves *lot of* fopen() and fclose() calls:
On my (semi-broken) Fedora 11 with 196 running processes and 3 cgroup
hierarchies, the old cgclear does 668 open("*/tasks"). With the
optimized cgclear, I can see just 22 open("*/tasks") calls.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cgdelete command line tool removes given control groups.
Usage: cgdelete [-r] <controllers>:<group> [...]
# I have group 1 with many subgroups:
$ cgdelete cpu,freezer:1
cgdelete: cannot remove group '1': Cgroup generic error, error message:
Device or resource busy
$ cgdelete -r cpu,freezer:1
$
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
- add braces to cgroup_delete_cgroup_ext to improve readability
- use enum instead of macro to define flags
The new function allows to recursively delete whole tree of groups. There is
new infrastructure created around (cg_delete_cgroup_controller_recursive).
It has inconsistent behavior when root group removal is requested - it removes
all children (if requested), but does not remove the root itself and returns
success value. This allows simple rewrite of cgclear functions to use this
function.
Original cgroup_delete_cgroup now leads to cgroup_delete_cgroup_ext.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
- simplify error handling in cg_move_task_files
cgroup_delete_cgroup does all the stuff on it's own. This patch refactors
the function and moves the parts with complete error handling.
The new functions are cg_delete_cgroup_controller and cg_move_task_files.
They are not necessarily needed, but it simplifies error handling and clearly
distinguishes functionality of cgroup_delete_cgroup.
Purpose of the functions should be clearly specified in the doxygen comments.
Especially note that cg_delete_cgroup_controller wants already opened file,
where all tasks should be moved - this is optimization, which will be used in
subsequent patches. I could use cgroup_get_task_* and cgroup_attach_task, which
would look definitely nicer, but it would lead to lot of fopen() and fclose()
calls. Let me know what do you think about it.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are more issues with cgroup_find_parent function:
1.
The cgroup_find_parent expects, that it's argument is group in
cg_mount_table[0] controller, which is not always the case.
IMHO the function should accept complete struct cgroup and find real parent.
2.
when checking the st_dev of the group and it's parent to prevent
"underflow" to real filesystem, actually the parent and it's parent are
checked instead of group and it's parent.
In addition, I enhanced the function to return real error code when something
goes wrong.
Open question is, if the function should return just char* as parent's
name or whole struct cgroup*. The second case is more natural - we should
work with groups and not group names, but in some cases just the name is
needed and whole cgroup creation would be unnecessary overhead (I have
prepared cgcdelete tool, which needs just parent's name).
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
move copy_name_value_from_rules procedure to wrapper.c file and
add the header to libcgroup-internal.h
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Acked-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Current cgrulesengd daemon changes the cgroup of each process by a rule
based on uid, gid, and process name. And it is good that the log of the
daemon contains a process name with uid and gid.
This patch adds a process name to the log message.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog since v1:
===================
* Rebase the latest code.
* Cleanup.
The log message "Cgroup change for PID:X, UID:X, GID:X FAILED!" is output
by cgrulesengd daemon, even if a process finished already and that is not
a problem.
This patch prevents the daemon from outputting this spam log message.
* Reference
[PATCH 2/2] Reduce "Cgroup change for PID:X, UID:X, GID:X FAILED!" messages.
http://sourceforge.net/mailarchive/message.php?msg_name=4A10EE7E.60403%40mxs.nes.nec.co.jp
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows users to configure location of cgrulesengd socket before
compilation:
./configure --enable-cgred-socket=/var/run/cgred.socket
In addition, /var/run/cgred.socket is now default location of the socket - this
sounds LSB compliant to me. Feel free to suggest better one.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
| |
Rename CGRULE_CGRED_TEMP_FILE to CGRULE_CGRED_SOCKET_PATH to better describe
the macro usage - it's not a temporary file, it's a socket.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
If compiling the latest code (8cc1d9743201cb9ae9a5286c898b9d47e318ed46),
the following warning messages are printed. The problem is due to invalid
call of cgroup_find_matching_rule_uid_gid(). Instead of this function call,
cgroup_find_matching_rule() should be called as
"[PATCH-v6 03/11] Add the key "process name" to find a matching rule.".
$ make
[snip]
api.c: In function 'cgroup_change_cgroup_flags':
api.c:1994: warning: passing argument 3 of 'cgroup_find_matching_rule_uid_gid' from incompatible pointer type
api.c: At top level:
api.c:1923: warning: 'cgroup_find_matching_rule' defined but not used
[snip]
$
* Reference:
"[PATCH-v6 03/11] Add the key "process name" to find a matching rule."
http://sourceforge.net/mailarchive/message.php?msg_name=4A44617E.9060002%40mxs.nes.nec.co.jp
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
If compiling the latest code (8cc1d9743201cb9ae9a5286c898b9d47e318ed46),
the following warning messages are printed.
$ make
[snip]
cgset.c: In function 'usage':
cgset.c:123: warning: too many arguments for format
[snip]
$
This patch fixes too many program name in the usage message of "cgset"
command.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
| |
This patch fixed man page and adds newly added parameters
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
| |
Add copy-from option to cgset
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change the handling of options
- add the possibility to use long options
- add --help option
- change the type of c (see man 3 getopt_long)
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- This patch change the system of generating cgroup to
1/ create one src cgroup
2/ for each input cgroup name cgroup_copy_cgroup
the name-value data from original one
This method is better because the name-values pairs should not be
parsed several times. And this method will be used in new coption
--copy-from too (the src group will be find in option)
move the part in which src is generated to separate function
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
| |
Add cgset_SOURCES to Makefile
Signed-off-by: Ivana Varekova <varekova@redhat.com>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
This patch clarifies the number meanings of string length in the function
cgroup_get_uid_gid_from_procfs(). This is recreated based on Igawa-san's
patch for the latest code.
* Reference
Igawa-san's patch
http://sourceforge.net/mailarchive/message.php?msg_name=20090515.085922.109268324.igawa%40mxs.nes.nec.co.jp
Signed-off-by: Masayuki Igawa <igawa@mxs.nes.nec.co.jp>
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* New patch.
This patch adds a new test command "proctest" for testing both
cgroup_get_uid_gid_from_procfs() and cgroup_get_procname_from_procfs().
# sleep 100 &
[1] 28558
# ./tests/proctest $$ 28558
Pid | Process name | Uid | Gid
-------+----------------------------------+-------+-------
27219 | /bin/bash | 0 | 0
28558 | /bin/sleep | 0 | 0
#
The functions get a process information from /proc fs, and they are
fragile because the content of /proc fs is not stable. If changing
/proc fs in future, this test command will be useful for catching
the change.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* New patch.
Description:
============
This patch add the description about a new rule to both the manpage
of cgrules.conf and the sample of cgrules.conf.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* Change the cgroup_get_procname_from_procfs() calling for the
returning value's change.
Changelog of v5:
================
* Add the description of a new option "--sticky".
Changelog of v4:
================
* Add a new option "--sticky" so that cgrulesengd daemon does not change
the children's cgroups which is classified by 'cgclassify' command.
Changelog of v3:
================
* New patch.
Description:
============
This patch applies a new rule to 'cgclassify' command.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* Add the description of a new option "--sticky".
Changelog of v4:
================
* Add a new option "--sticky" so that cgrulesengd daemon does not change
the children's cgroups which is executed by 'cgexec' command.
Changelog of v3:
================
* Set a SETUID to "cgexec" command file.
* An euid is changed to the executing user from a root user.
Changelog of v2:
================
* New patch.
Description:
============
This patch applies a new rule to 'cgexec' command.
cgroup_register_unchanged_process() is called so that cgrulesengd
daemon does not change the cgroup of a process, which is executed
by 'cgexec' command.
And cgroup_change_cgroup_flags() is called for applying a new rule.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* Rebase the patch to the latest code.
Changelog of v4:
================
* No change.
Changelog of v3:
================
* No change.
Changelog of v2:
================
* New patch.
Description:
============
This patch adds the library function cgroup_register_unchanged_process()
for notifying cgrulesengd daemon of the unchanged process.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* Add the comment "FIXME: Change the temporary file to configurable one."
* Define the number of allocation.
Changelog of v3:
================
* Set the value 0x1 to CGROUP_DAEMON_UNCHANGE_CHILDREN flag.
Changelog of v2:
================
* New patch.
Description:
============
This patch adds the handler of unchanged process to the cgrulesengd daemon.
By this patch, the daemon does not change a process which is executed by
'cgexec' command, because it is possible to notify the unchanged process to
the daemon by using "unix domain socket".
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* Remove unused parameter "cn_hdr" from cgre_receive_netlink_msg().
Changelog of v3:
================
* No change.
Changelog of v2:
================
* New patch.
Description:
============
This patch separates the netlink method for the readability, because
the later patch [PATCH 6/9] adds "unix domain socket" handling method
around the netlink method.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* Change the cgroup_get_procname_from_procfs() calling for the
returning value's change.
Changelog of v5:
================
* No change.
Changelog of v4:
================
* No change.
Changelog of v3:
================
* No change.
Changelog of v2:
================
* No change.
Description:
============
A process name is changed when execve(2), so a new rule based on
process name should be applied when execve(2) happens.
Then this patch adds an EXEC event to the event handler.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hi,
Changelog of v6:
================
* No change.
Changelog of v5.1:
==================
* BUGFIX: Clear the flags meaning "found a matching rule"
when a process name does not match.
There was a problem that cgexec and cgclassify didn't work correctly
if a user executes cgexec/cgclassify based on /etc/cgrules.conf.
For example, if a root user executes `cgclassify $$` on the following
/etc/cgrules.conf, the process ($$) should be moved to users/root on
cpuset and memory subsystems. But the process was moved to users/root/cp
on memory subsystem only.
Example of /etc/cgrules.conf:
=============================
root:cp cpuset users/root/cp
% memory users/root/cp
root cpuset users/root
% memory users/root
The cause is why the flags meaning "found a matching rule" (uid, gid, and
matched) is not cleared when a process name does not match. This problem
is fixed on this patch.
Changelog of v5:
================
* Rebase the patch to the latest code.
Changelog of v4:
================
* No change.
Changelog of v3:
================
* BUGFIX: Fix the handling of '%' in /etc/cgrules.conf.
Changelog of v2:
================
* Use strcmp() instead of strncmp() for checking a process name strictly.
* Some cleanups.
Description:
============
This patch adds the key "process name" to find a matching rule.
Thanks
Ken'ichi Ohmichi
Signed-off-by: Ken'ichi Ohmichi <oomichi@mxs.nes.nec.co.jp>
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
|
