1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
/*
* Copyright Red Hat Inc. 2008
*
* Author: Steve Olivieri <sjo@redhat.com>
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of version 2.1 of the GNU Lesser General Public License
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it would be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/
#ifndef _CGRULESENGD_H
#define _CGRULESENGD_H
#include <features.h>
__BEGIN_DECLS
#include "libcgroup.h"
#include <linux/connector.h>
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#ifndef __USE_GNU
#define __USE_GNU
#endif
/* A simple macro for printing messages only when CGROUP_DEBUG is defined. */
#ifdef CGROUP_DEBUG
#define fdbg(a, b...) fprintf(a, b)
#else
#define fdbg(a, b...) do {} while(0)
#endif /* CGROUP_DEBUG */
/* The following ten macros are all for the Netlink code. */
#define SEND_MESSAGE_LEN (NLMSG_LENGTH(sizeof(struct cn_msg) + \
sizeof(enum proc_cn_mcast_op)))
#define RECV_MESSAGE_LEN (NLMSG_LENGTH(sizeof(struct cn_msg) + \
sizeof(struct proc_event)))
#define SEND_MESSAGE_SIZE (NLMSG_SPACE(SEND_MESSAGE_LEN))
#define RECV_MESSAGE_SIZE (NLMSG_SPACE(RECV_MESSAGE_LEN))
#define max(x,y) ((y)<(x)?(x):(y))
#define min(x,y) ((y)>(x)?(x):(y))
#define BUFF_SIZE (max(max(SEND_MESSAGE_SIZE, RECV_MESSAGE_SIZE), 1024))
#define MIN_RECV_SIZE (min(SEND_MESSAGE_SIZE, RECV_MESSAGE_SIZE))
#define PROC_CN_MCAST_LISTEN (1)
#define PROC_CN_MCAST_IGNORE (2)
/**
* Prints the usage information for this program and, optionally, an error
* message. This function uses vfprintf.
* @param fd The file stream to print to
* @param msg The error message to print (printf style)
* @param ... Any args to msg (printf style)
*/
void cgre_usage(FILE *fd, const char *msg, ...);
/**
* Prints a formatted message (like printf()) to all log destinations.
* Flushes the file stream's buffer so that the message is immediately
* readable.
* @param level The log level (LOG_EMERG ... LOG_DEBUG)
* @param format The format for the message (printf style)
* @param ... Any args to format (printf style)
*/
void flog(int level, const char *msg, ...);
/**
* Process an event from the kernel, and determine the correct UID/GID/PID to
* pass to libcgroup. Then, libcgroup will decide the cgroup to move the PID
* to, if any.
* @param ev The event to process
* @param type The type of event to process (part of ev)
* @return 0 on success, > 0 on failure
*/
int cgre_process_event(const struct proc_event *ev, const int type);
/**
* Handle a netlink message. In the event of PROC_EVENT_UID or PROC_EVENT_GID,
* we pass the event along to cgre_process_event for further processing. All
* other events are ignored.
* @param cn_hdr The netlink message
* @return 0 on success, > 0 on error
*/
int cgre_handle_message(struct cn_msg *cn_hdr);
/**
* Turns this program into a daemon. In doing so, we fork() and kill the
* parent process. Note too that stdout, stdin, and stderr are closed in
* daemon mode, and a file descriptor for a log file is opened.
* @param logp Path of the log file, NULL if no log file was specified
* @param logf Syslog facility, NULL if no facility was specified
* @param daemon False to turn off daemon mode (no fork, leave FDs open)
* @param logv Log verbosity, 2 is the default, 0 = no logging, 5 = everything
* @return 0 on success, > 0 on error
*/
int cgre_start_daemon(const char *logp, const int logf,
const unsigned char daemon, const int logv);
/**
* Catch the SIGUSR2 signal and reload the rules configuration. This function
* makes use of the logfile and flog() to print the new rules.
* @param signum The signal that we caught (always SIGUSR2)
*/
void cgre_flash_rules(int signum);
/**
* Catch the SIGTERM and SIGINT signal so that we can exit gracefully. Before
* exiting, this function makes use of the logfile and flog().
* @param signum The signal that we caught (SIGTERM, SIGINT)
*/
void cgre_catch_term(int signum);
__END_DECLS
#endif /* _CGRULESENGD_H */
|
