diff --git a/.libcgroup.metadata b/.libcgroup.metadata new file mode 100644 index 0000000..ea470e4 --- /dev/null +++ b/.libcgroup.metadata @@ -0,0 +1 @@ +963fe7ff632317d5d4373b0748af31ab9ce43718 SOURCES/libcgroup-0.40.rc1.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/cgconfig.service b/SOURCES/cgconfig.service new file mode 100644 index 0000000..9b546a6 --- /dev/null +++ b/SOURCES/cgconfig.service @@ -0,0 +1,17 @@ +[Unit] +Description=Control Group configuration service + +# The service should be able to start as soon as possible, +# before any 'normal' services: +DefaultDependencies=no +Conflicts=shutdown.target +Before=basic.target shutdown.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf -s 1664 +ExecStop=/usr/sbin/cgclear -l /etc/cgconfig.conf -e + +[Install] +WantedBy=sysinit.target diff --git a/SOURCES/fedora-config.patch b/SOURCES/fedora-config.patch new file mode 100644 index 0000000..5fafc32 --- /dev/null +++ b/SOURCES/fedora-config.patch @@ -0,0 +1,65 @@ +Fedora specific configuration - we want to mount all controllers by default for libvirt. + +diff -up libcgroup-0.34/samples/cgconfig.conf.orig libcgroup-0.34/samples/cgconfig.conf +--- libcgroup-0.34/samples/cgconfig.conf.orig 2009-03-04 10:40:06.000000000 +0100 ++++ libcgroup-0.34/samples/cgconfig.conf 2009-10-19 10:17:37.000000000 +0200 +@@ -10,39 +10,8 @@ + # WITHOUT ANY WARRANTY; without even the implied warranty of + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + # +-#group daemons/www { +-# perm { +-# task { +-# uid = root; +-# gid = webmaster; +-# } +-# admin { +-# uid = root; +-# gid = root; +-# } +-# } +-# cpu { +-# cpu.shares = 1000; +-# } +-#} + # +-#group daemons/ftp { +-# perm { +-# task { +-# uid = root; +-# gid = ftpmaster; +-# } +-# admin { +-# uid = root; +-# gid = root; +-# } +-# } +-# cpu { +-# cpu.shares = 500; +-# } +-#} +-# +-#mount { +-# cpu = /mnt/cgroups/cpu; +-# cpuacct = /mnt/cgroups/cpuacct; +-#} ++# By default, we expect systemd mounts everything on boot, ++# so there is not much to do. ++# See man cgconfig.conf for further details, how to create groups ++# on system boot using this file. ++ +diff -up libcgroup-0.35.1/samples/cgconfig.sysconfig.orig libcgroup-0.35.1/samples/cgconfig.sysconfig +--- libcgroup-0.35.1/samples/cgconfig.sysconfig.orig 2010-03-09 14:56:34.000000000 +0100 ++++ libcgroup-0.35.1/samples/cgconfig.sysconfig 2010-03-09 16:30:12.000000000 +0100 +@@ -5,8 +5,6 @@ + # controller to limit cpu.shares of this default group and allowing some more + # important group take most of the CPU. + # +-# By default, create these groups: +-CREATE_DEFAULT=yes +- +-# Uncomment following line to disable creation of the default group on startup: +-# CREATE_DEFAULT=no ++# By default, do not create these groups: ++# CREATE_DEFAULT=yes ++CREATE_DEFAULT=no diff --git a/SOURCES/libcgroup-0.37-cgred-empty-config.patch b/SOURCES/libcgroup-0.37-cgred-empty-config.patch new file mode 100644 index 0000000..b1b7fd2 --- /dev/null +++ b/SOURCES/libcgroup-0.37-cgred-empty-config.patch @@ -0,0 +1,51 @@ +diff -up libcgroup-0.40.rc1/scripts/init.d/cgred.in.empty-config libcgroup-0.40.rc1/scripts/init.d/cgred.in +--- libcgroup-0.40.rc1/scripts/init.d/cgred.in.empty-config 2013-08-26 14:24:16.070531165 +0200 ++++ libcgroup-0.40.rc1/scripts/init.d/cgred.in 2013-08-26 14:24:16.072531149 +0200 +@@ -81,10 +81,6 @@ start() + log_failure_msg "$servicename is already running with PID `cat ${pidfile}`" + return 0 + fi +- if [ ! -s $CGRED_CONF ]; then +- log_failure_msg "not configured" +- return 6 +- fi + if ! grep "^cgroup" /proc/mounts &>/dev/null; then + echo + log_failure_msg $"Cannot find cgroups, is cgconfig service running?" +diff -up libcgroup-0.40.rc1/src/api.c.empty-config libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1/src/api.c.empty-config 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-08-26 14:24:16.073531142 +0200 +@@ -541,17 +541,6 @@ static int cgroup_parse_rules(bool cache + /* Loop variable. */ + int i = 0; + +- /* Open the configuration file. */ +- pthread_rwlock_wrlock(&rl_lock); +- fp = fopen(CGRULES_CONF_FILE, "re"); +- if (!fp) { +- cgroup_err("Error: failed to open configuration file %s: %s\n", +- CGRULES_CONF_FILE, strerror(errno)); +- last_errno = errno; +- ret = ECGOTHER; +- goto unlock; +- } +- + /* Determine which list we're using. */ + if (cache) + lst = &rl; +@@ -562,6 +551,15 @@ static int cgroup_parse_rules(bool cache + if (lst->head) + cgroup_free_rule_list(lst); + ++ /* Open the configuration file. */ ++ pthread_rwlock_wrlock(&rl_lock); ++ fp = fopen(CGRULES_CONF_FILE, "re"); ++ if (!fp) { ++ cgroup_warn("Warning: failed to open configuration file %s: %s\n", ++ CGRULES_CONF_FILE, strerror(errno)); ++ goto unlock; ++ } ++ + /* Now, parse the configuration file one line at a time. */ + cgroup_dbg("Parsing configuration file.\n"); + while (fgets(buff, sizeof(buff), fp) != NULL) { diff --git a/SOURCES/libcgroup-0.37-chmod.patch b/SOURCES/libcgroup-0.37-chmod.patch new file mode 100644 index 0000000..a7aad8c --- /dev/null +++ b/SOURCES/libcgroup-0.37-chmod.patch @@ -0,0 +1,31 @@ +diff -up libcgroup-0.40.rc1/src/api.c.chmod libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1/src/api.c.chmod 2013-08-26 17:30:03.588276405 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-08-26 17:30:23.104126917 +0200 +@@ -156,6 +156,10 @@ static int cg_chown_file(FTS *fts, FTSEN + return ret; + } + ++int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode, ++ int dirm_change, mode_t file_mode, int filem_change, ++ int owner_is_umask); ++ + /* + * TODO: Need to decide a better place to put this function. + */ +@@ -163,6 +167,8 @@ static int cg_chown_recursive(char **pat + { + int ret = 0; + FTS *fts; ++ /* mode 664 */ ++ mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; + + cgroup_dbg("chown: path is %s\n", *path); + fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR | +@@ -180,6 +186,7 @@ static int cg_chown_recursive(char **pat + cgroup_warn("Warning: fts_read failed\n"); + break; + } ++ cg_chmod_file(fts, ent, mode, 0, mode, 1, 1); + ret = cg_chown_file(fts, ent, owner, group); + } + fts_close(fts); diff --git a/SOURCES/libcgroup-0.37-pam_cgroup.patch b/SOURCES/libcgroup-0.37-pam_cgroup.patch new file mode 100644 index 0000000..2ca7f1d --- /dev/null +++ b/SOURCES/libcgroup-0.37-pam_cgroup.patch @@ -0,0 +1,12 @@ +diff -up ./libcgroup-0.37/src/pam/pam_cgroup.c.old ./libcgroup-0.37/src/pam/pam_cgroup.c +--- a/src/pam/pam_cgroup.c.old 2010-10-20 15:59:13.000000000 +0200 ++++ b/src/pam/pam_cgroup.c 2013-06-13 17:50:56.000000000 +0200 +@@ -137,7 +137,7 @@ PAM_EXTERN int pam_sm_open_session(pam_h + /* Note: We are using default gid here. Is there a way to determine + * under what egid service will be provided? + */ +- ret = cgroup_change_cgroup_uid_gid(pwd->pw_uid, pwd->pw_gid, pid); ++ ret = cgroup_change_cgroup_uid_gid_flags(pwd->pw_uid, pwd->pw_gid, pid, CGFLAG_USECACHE); + if (ret) { + if (ctrl & PAM_DEBUG_ARG) + pam_syslog(pamh, LOG_ERR, "Change of cgroup for process" diff --git a/SOURCES/libcgroup-0.40.rc1-cast-and-typo.patch b/SOURCES/libcgroup-0.40.rc1-cast-and-typo.patch new file mode 100644 index 0000000..770b546 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-cast-and-typo.patch @@ -0,0 +1,24 @@ +diff -upr libcgroup-0.40.rc1.orig/src/tools/cgclassify.c libcgroup-0.40.rc1/src/tools/cgclassify.c +--- libcgroup-0.40.rc1.orig/src/tools/cgclassify.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/tools/cgclassify.c 2013-09-12 14:56:17.008741770 +0200 +@@ -175,7 +175,7 @@ int main(int argc, char *argv[]) + } + + for (i = optind; i < argc; i++) { +- pid = (uid_t) strtol(argv[i], &endptr, 10); ++ pid = (pid_t) strtol(argv[i], &endptr, 10); + if (endptr[0] != '\0') { + /* the input argument was not a number */ + fprintf(stderr, "Error: %s is not valid pid.\n", +diff -upr libcgroup-0.40.rc1.orig/src/tools/cgexec.c libcgroup-0.40.rc1/src/tools/cgexec.c +--- libcgroup-0.40.rc1.orig/src/tools/cgexec.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/tools/cgexec.c 2013-09-12 14:57:17.203086321 +0200 +@@ -113,7 +113,7 @@ int main(int argc, char *argv[]) + /* Just for debugging purposes. */ + uid = geteuid(); + gid = getegid(); +- cgroup_dbg("My euid and eguid is: %d,%d\n", (int) uid, (int) gid); ++ cgroup_dbg("My euid and egid is: %d,%d\n", (int) uid, (int) gid); + + uid = getuid(); + gid = getgid(); diff --git a/SOURCES/libcgroup-0.40.rc1-cgred-order.patch b/SOURCES/libcgroup-0.40.rc1-cgred-order.patch new file mode 100644 index 0000000..8858ae9 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-cgred-order.patch @@ -0,0 +1,12 @@ +diff -ur libcgroup-0.37.orig/scripts/init.d/cgred.in libcgroup-0.37/scripts/init.d/cgred.in +--- libcgroup-0.37.orig/scripts/init.d/cgred.in 2013-08-15 13:47:27.408910000 +0200 ++++ libcgroup-0.37/scripts/init.d/cgred.in 2013-08-15 13:48:12.939568065 +0200 +@@ -14,7 +14,7 @@ + # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + # + # cgred CGroups Rules Engine Daemon +-# chkconfig: - 14 86 ++# chkconfig: - 30 86 + # description: This is a daemon for automatically classifying processes \ + # into cgroups based on UID/GID. + # diff --git a/SOURCES/libcgroup-0.40.rc1-change-all-cgroups-cache.patch b/SOURCES/libcgroup-0.40.rc1-change-all-cgroups-cache.patch new file mode 100644 index 0000000..3ed6fa4 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-change-all-cgroups-cache.patch @@ -0,0 +1,13 @@ +diff -upr libcgroup-0.40.rc1.orig/src/api.c libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1.orig/src/api.c 2013-09-26 10:28:26.150422000 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-09-26 13:33:20.439405038 +0200 +@@ -3140,7 +3140,8 @@ int cgroup_change_all_cgroups(void) + if (err) + continue; + +- err = cgroup_change_cgroup_flags(euid, egid, procname, pid, 0); ++ err = cgroup_change_cgroup_flags(euid, egid, ++ procname, pid, CGFLAG_USECACHE); + if (err) + cgroup_dbg("cgroup change pid %i failed\n", pid); + } diff --git a/SOURCES/libcgroup-0.40.rc1-config-table.patch b/SOURCES/libcgroup-0.40.rc1-config-table.patch new file mode 100644 index 0000000..cdf61d8 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-config-table.patch @@ -0,0 +1,31 @@ +diff -upr libcgroup-0.40.rc1.orig/src/config.c libcgroup-0.40.rc1/src/config.c +--- libcgroup-0.40.rc1.orig/src/config.c 2013-09-12 16:40:32.552179000 +0200 ++++ libcgroup-0.40.rc1/src/config.c 2013-09-12 17:12:30.218979633 +0200 +@@ -130,7 +130,7 @@ int config_insert_cgroup(char *cg_name, + break; + default: + return 0; +- } ++ } + + if (*table_index >= *max - 1) { + struct cgroup *newblk; +@@ -151,7 +151,17 @@ int config_insert_cgroup(char *cg_name, + memset(newblk + oldlen, 0, (*max - oldlen) * + sizeof(struct cgroup)); + init_cgroup_table(newblk + oldlen, *max - oldlen); +- config_cgroup_table = newblk; ++ config_table = newblk; ++ switch (flag) { ++ case CGROUP: ++ config_cgroup_table = config_table; ++ break; ++ case TEMPLATE: ++ config_template_table = config_table; ++ break; ++ default: ++ return 0; ++ } + cgroup_dbg("maximum %d\n", *max); + cgroup_dbg("reallocated config_table to %p\n", + config_table); diff --git a/SOURCES/libcgroup-0.40.rc1-coverity.patch b/SOURCES/libcgroup-0.40.rc1-coverity.patch new file mode 100644 index 0000000..0d4d059 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-coverity.patch @@ -0,0 +1,151 @@ +diff -upr libcgroup-0.40.rc1.orig/src/api.c libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1.orig/src/api.c 2013-08-27 18:20:40.399333000 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-08-27 19:34:07.569670729 +0200 +@@ -1003,6 +1003,10 @@ int cgroup_init(void) + + if (mntopt) { + mntopt = strtok_r(mntopt, ",", &strtok_buffer); ++ if (!mntopt) { ++ continue; ++ } ++ + /* + * Check if it is a duplicate + */ +@@ -2719,10 +2723,10 @@ char *cgroup_copy_with_slash(char *input + int len = strlen(input); + + /* if input does not end with '/', allocate one more space for it */ +- if ((input[len-2]) != '/') ++ if ((input[len-1]) != '/') + len = len+1; + +- output = (char *)malloc(sizeof(char)*(len)); ++ output = (char *)malloc(sizeof(char)*(len + 1)); + if (output == NULL) + return NULL; + +@@ -2796,7 +2800,6 @@ static int cgroup_create_template_group( + if (group_name == NULL) { + ret = ECGOTHER; + last_errno = errno; +- free(template_name); + goto end; + } + +@@ -3318,7 +3321,7 @@ int cgroup_get_current_controller_path(p + } + + token = strtok_r(controllers, ",", &savedptr); +- do { ++ while (token) { + if (strncmp(controller, token, strlen(controller) + 1) + == 0) { + *current_path = strdup(cgroup_path); +@@ -3331,7 +3334,7 @@ int cgroup_get_current_controller_path(p + goto done; + } + token = strtok_r(NULL, ",", &savedptr); +- } while (token); ++ } + } + + done: +diff -upr libcgroup-0.40.rc1.orig/src/config.c libcgroup-0.40.rc1/src/config.c +--- libcgroup-0.40.rc1.orig/src/config.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/config.c 2013-08-27 19:31:54.193828164 +0200 +@@ -313,7 +313,7 @@ int config_group_task_perm(char *perm_ty + long val = atoi(value); + char buffer[CGROUP_BUFFER_LEN]; + struct cgroup *config_cgroup; +- int table_index; ++ int table_index, ret; + + switch (flag) { + case CGROUP: +@@ -357,10 +357,10 @@ int config_group_task_perm(char *perm_ty + if (!group) + goto group_task_error; + +- getgrnam_r(value, group, buffer, ++ ret = getgrnam_r(value, group, buffer, + CGROUP_BUFFER_LEN, &group_buffer); + +- if (group_buffer == NULL) { ++ if (ret != 0 || group_buffer == NULL) { + free(group); + goto group_task_error; + } +@@ -426,7 +426,7 @@ int config_group_admin_perm(char *perm_t + struct cgroup *config_cgroup; + long val = atoi(value); + char buffer[CGROUP_BUFFER_LEN]; +- int table_index; ++ int table_index, ret; + + switch (flag) { + case CGROUP: +@@ -469,10 +469,10 @@ int config_group_admin_perm(char *perm_t + if (!group) + goto admin_error; + +- getgrnam_r(value, group, buffer, ++ ret = getgrnam_r(value, group, buffer, + CGROUP_BUFFER_LEN, &group_buffer); + +- if (group_buffer == NULL) { ++ if (ret != 0 || group_buffer == NULL) { + free(group); + goto admin_error; + } +@@ -1576,14 +1576,14 @@ int cgroup_config_create_template_group( + /* name and controller match template found */ + /* variables substituted in template */ + strncpy(buffer, t_cgroup->name, +- FILENAME_MAX); ++ FILENAME_MAX - 1); + strncpy(t_cgroup->name, cgroup->name, +- FILENAME_MAX); ++ FILENAME_MAX - 1); + + ret = cgroup_create_cgroup(t_cgroup, flags); + + strncpy(t_cgroup->name, buffer, +- FILENAME_MAX); ++ FILENAME_MAX - 1); + if (ret) { + cgroup_dbg("creating group %s, error %d\n", + cgroup->name, ret); +@@ -1600,7 +1600,7 @@ int cgroup_config_create_template_group( + /* no template is present for given name x controller pair + * add controller to result cgroup */ + aux_cgroup = cgroup_new_cgroup(cgroup->name); +- if (ret) { ++ if (!aux_cgroup) { + ret = ECGINVAL; + fprintf(stderr, "cgroup %s can't be created\n", + cgroup->name); +diff -upr libcgroup-0.40.rc1.orig/src/daemon/cgrulesengd.c libcgroup-0.40.rc1/src/daemon/cgrulesengd.c +--- libcgroup-0.40.rc1.orig/src/daemon/cgrulesengd.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/daemon/cgrulesengd.c 2013-08-27 18:56:41.000674181 +0200 +@@ -646,7 +646,7 @@ close: + + static int cgre_create_netlink_socket_process_msg(void) + { +- int sk_nl = 0, sk_unix = 0, sk_max; ++ int sk_nl = -1, sk_unix = -1, sk_max; + struct sockaddr_nl my_nla; + char buff[BUFF_SIZE]; + int rc = -1; +@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr + } + + close_and_exit: +- if (sk_nl > 0) ++ if (sk_nl > -1) + close(sk_nl); +- if (sk_unix > 0) ++ if (sk_unix > -1) + close(sk_unix); + return rc; + } diff --git a/SOURCES/libcgroup-0.40.rc1-coverity2.patch b/SOURCES/libcgroup-0.40.rc1-coverity2.patch new file mode 100644 index 0000000..07ba52c --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-coverity2.patch @@ -0,0 +1,17 @@ +diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c +--- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200 ++++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100 +@@ -97,11 +97,11 @@ static int display_controller_data(char + if (ret != 0) + return ret; + +- strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX); ++ strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX - 1); + /* remove problematic '/' characters from cgroup directory path*/ + trim_filepath(cgroup_dir_path); + +- strncpy(input_dir_path, input_path, FILENAME_MAX); ++ strncpy(input_dir_path, input_path, FILENAME_MAX - 1); + + /* remove problematic '/' characters from input directory path*/ + trim_filepath(input_dir_path); diff --git a/SOURCES/libcgroup-0.40.rc1-fread.patch b/SOURCES/libcgroup-0.40.rc1-fread.patch new file mode 100644 index 0000000..681c664 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-fread.patch @@ -0,0 +1,49 @@ +diff -upr libcgroup-0.40.rc1.orig/src/api.c libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1.orig/src/api.c 2013-09-16 10:34:32.542272000 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-09-13 16:07:10.000000000 +0200 +@@ -2237,29 +2237,29 @@ static int cg_rd_ctrl_file(const char *s + const char *file, char **value) + { + char path[FILENAME_MAX]; +- FILE *ctrl_file = NULL; +- int ret; ++ int ctrl_file = -1; ++ ssize_t ret; + + if (!cg_build_path_locked(cgroup, path, subsys)) + return ECGFAIL; + + strncat(path, file, sizeof(path) - strlen(path)); +- ctrl_file = fopen(path, "re"); +- if (!ctrl_file) ++ ctrl_file = open(path, O_RDONLY | O_CLOEXEC); ++ if (ctrl_file < 0) + return ECGROUPVALUENOTEXIST; + + *value = calloc(CG_VALUE_MAX, 1); + if (!*value) { +- fclose(ctrl_file); ++ close(ctrl_file); + last_errno = errno; + return ECGOTHER; + } + + /* +- * using %as crashes when we try to read from files like ++ * using %as or fread crashes when we try to read from files like + * memory.stat + */ +- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file); ++ ret = read(ctrl_file, *value, CG_VALUE_MAX-1); + if (ret < 0) { + free(*value); + *value = NULL; +@@ -2269,7 +2269,7 @@ static int cg_rd_ctrl_file(const char *s + (*value)[ret-1] = '\0'; + } + +- fclose(ctrl_file); ++ close(ctrl_file); + + return 0; + } diff --git a/SOURCES/libcgroup-0.40.rc1-restorecon.patch b/SOURCES/libcgroup-0.40.rc1-restorecon.patch new file mode 100644 index 0000000..7f9f079 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-restorecon.patch @@ -0,0 +1,11 @@ +diff -upr libcgroup-0.40.rc1.orig/scripts/init.d/cgred.in libcgroup-0.40.rc1/scripts/init.d/cgred.in +--- libcgroup-0.40.rc1.orig/scripts/init.d/cgred.in 2013-08-27 19:52:21.205846000 +0200 ++++ libcgroup-0.40.rc1/scripts/init.d/cgred.in 2013-08-27 19:55:12.713484281 +0200 +@@ -97,6 +97,7 @@ start() + return 1 + fi + echo "`pidof $processname`" > $pidfile ++ [[ -x /sbin/restorecon ]] && /sbin/restorecon $pidfile + return 0 + } + diff --git a/SOURCES/libcgroup-0.40.rc1-templates-fix.patch b/SOURCES/libcgroup-0.40.rc1-templates-fix.patch new file mode 100644 index 0000000..2199cf6 --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-templates-fix.patch @@ -0,0 +1,51 @@ +diff -upr libcgroup-0.40.rc1.orig/src/api.c libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1.orig/src/api.c 2013-09-26 17:48:57.997535000 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-09-27 13:36:41.617642596 +0200 +@@ -2948,11 +2948,11 @@ int cgroup_change_cgroup_flags(uid_t uid + available = FILENAME_MAX - j - 2; + /* Substitution */ + switch(tmp->destination[++i]) { +- case 'u': ++ case 'U': + written = snprintf(newdest+j, available, + "%d", uid); + break; +- case 'U': ++ case 'u': + user_info = getpwuid(uid); + if(user_info) { + written = snprintf(newdest + j, +@@ -2963,11 +2963,11 @@ int cgroup_change_cgroup_flags(uid_t uid + available, "%d", uid); + } + break; +- case 'g': ++ case 'G': + written = snprintf(newdest + j, + available, "%d", gid); + break; +- case 'G': ++ case 'g': + group_info = getgrgid(gid); + if(group_info) { + written = snprintf(newdest + j, +@@ -2978,15 +2978,15 @@ int cgroup_change_cgroup_flags(uid_t uid + available, "%d", gid); + } + break; +- case 'p': ++ case 'P': + written = snprintf(newdest + j, + available, "%d", pid); + break; +- case 'P': +- if(procname) { ++ case 'p': ++ if(procname && strlen(basename(procname))) { + written = snprintf(newdest + j, + available, "%s", +- procname); ++ basename(procname)); + } else { + written = snprintf(newdest + j, + available, "%d", pid); diff --git a/SOURCES/libcgroup-0.40.rc1-valgrind.patch b/SOURCES/libcgroup-0.40.rc1-valgrind.patch new file mode 100644 index 0000000..a46ca0c --- /dev/null +++ b/SOURCES/libcgroup-0.40.rc1-valgrind.patch @@ -0,0 +1,42 @@ +diff -up libcgroup-0.40.rc1/src/api.c.valgrind libcgroup-0.40.rc1/src/api.c +--- libcgroup-0.40.rc1/src/api.c.valgrind 2013-10-17 15:47:31.474927679 +0200 ++++ libcgroup-0.40.rc1/src/api.c 2013-10-17 15:47:31.475927672 +0200 +@@ -3144,6 +3144,8 @@ int cgroup_change_all_cgroups(void) + procname, pid, CGFLAG_USECACHE); + if (err) + cgroup_dbg("cgroup change pid %i failed\n", pid); ++ ++ free(procname); + } + + closedir(dir); +diff -up libcgroup-0.40.rc1/src/config.c.valgrind libcgroup-0.40.rc1/src/config.c +--- libcgroup-0.40.rc1/src/config.c.valgrind 2013-10-17 15:47:31.470927000 +0200 ++++ libcgroup-0.40.rc1/src/config.c 2013-10-25 14:12:37.604648251 +0200 +@@ -1460,7 +1460,7 @@ int cgroup_reload_cached_templates(char + } + template_table_index = 0; + +- if (config_template_table_index != 0) { ++ if ((config_template_table_index != 0) || (config_table_index != 0)) { + /* config template structures have to be free as well*/ + cgroup_free_config(); + } +@@ -1498,7 +1498,16 @@ int cgroup_init_templates_cache(char *pa + int ret = 0; + int i; + +- if (config_template_table_index != 0) { ++ if (template_table) { ++ /* template structures have to be free */ ++ for (i = 0; i < template_table_index; i++) ++ cgroup_free_controllers(&template_table[i]); ++ free(template_table); ++ template_table = NULL; ++ } ++ template_table_index = 0; ++ ++ if ((config_template_table_index != 0) || (config_table_index != 0)) { + /* config structures have to be clean */ + cgroup_free_config(); + } diff --git a/SPECS/libcgroup.spec b/SPECS/libcgroup.spec new file mode 100644 index 0000000..89e242e --- /dev/null +++ b/SPECS/libcgroup.spec @@ -0,0 +1,301 @@ +%global soversion_major 1 +%global soversion 1.0.40 +%global _hardened_build 1 + +Summary: Library to control and monitor control groups +Name: libcgroup +Version: 0.40 +Release: 0.rc1.3%{?dist} +License: LGPLv2+ +Group: Development/Libraries +URL: http://libcg.sourceforge.net/ +Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.rc1.tar.bz2 +Source1: cgconfig.service + +Patch0: fedora-config.patch +Patch1: libcgroup-0.37-pam_cgroup.patch +Patch2: libcgroup-0.37-cgred-empty-config.patch +Patch3: libcgroup-0.37-chmod.patch +Patch4: libcgroup-0.40.rc1-coverity.patch +Patch5: libcgroup-0.40.rc1-restorecon.patch +Patch6: libcgroup-0.40.rc1-cgred-order.patch +Patch7: libcgroup-0.40.rc1-cast-and-typo.patch +Patch8: libcgroup-0.40.rc1-config-table.patch +Patch9: libcgroup-0.40.rc1-fread.patch +Patch10: libcgroup-0.40.rc1-change-all-cgroups-cache.patch +Patch11: libcgroup-0.40.rc1-templates-fix.patch +Patch12: libcgroup-0.40.rc1-valgrind.patch +Patch13: libcgroup-0.40.rc1-coverity2.patch + +BuildRequires: byacc, coreutils, flex, pam-devel, systemd +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +Control groups infrastructure. The library helps manipulate, control, +administrate and monitor control groups and the associated controllers. + +%package tools +Summary: Command-line utility programs, services and daemons for libcgroup +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tools +This package contains command-line programs, services and a daemon for +manipulating control groups using the libcgroup library. + +%package pam +Summary: A Pluggable Authentication Module for libcgroup +Group: System Environment/Base +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description pam +Linux-PAM module, which allows administrators to classify the user's login +processes to pre-configured control group. + +%package devel +Summary: Development libraries to develop applications that utilize control groups +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +It provides API to create/delete and modify cgroup nodes. It will also in the +future allow creation of persistent configuration for control groups and +provide scripts to manage that configuration. + +%prep +%setup -q -n %{name}-%{version}.rc1 +%patch0 -p1 -b .config-patch +%patch1 -p1 -b .flags +%patch2 -p1 -b .empty-config +%patch3 -p1 -b .chmod +%patch4 -p1 -b .coverity +%patch5 -p1 -b .restorecon +%patch6 -p1 -b .cgred-order +%patch7 -p1 -b .cast-and-typo +%patch8 -p1 -b .config-table +%patch9 -p1 -b .fread +%patch10 -p1 -b .change-all-cache +%patch11 -p1 -b .templates-fix +%patch12 -p1 -b .valgrind +%patch13 -p1 -b .coverity2 + +%build +%configure --enable-pam-module-dir=%{_libdir}/security \ + --enable-opaque-hierarchy="name=systemd" \ + --disable-daemon +make %{?_smp_mflags} + +%install +make DESTDIR=$RPM_BUILD_ROOT install + +# install config files +install -d ${RPM_BUILD_ROOT}%{_sysconfdir} +install -m 644 samples/cgconfig.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgconfig.conf +install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgsnapshot_blacklist.conf + +# sanitize pam module, we need only pam_cgroup.so +mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so +rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.la $RPM_BUILD_ROOT/%{_libdir}/security/pam_cgroup.so.* + +rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la + +rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgred.conf.5* +rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgrules.conf.5* +rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/cgrulesengd.8* + +# install unit and sysconfig files +install -d ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir}/ +install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig + +%pre +getent group cgred >/dev/null || groupadd -r cgred + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%post tools +%systemd_post cgconfig.service + +%preun tools +%systemd_preun cgconfig.service + +%postun tools +%systemd_postun_with_restart cgconfig.service + +%triggerun -- libcgroup < 0.38 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply cgconfig +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save cgconfig >/dev/null 2>&1 ||: + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del cgconfig >/dev/null 2>&1 || : +/bin/systemctl try-restart cgconfig.service >/dev/null 2>&1 || : + +%files +%doc COPYING README +%{_libdir}/libcgroup.so.* + +%files tools +%doc COPYING README README_systemd +%config(noreplace) %{_sysconfdir}/cgconfig.conf +%config(noreplace) %{_sysconfdir}/cgsnapshot_blacklist.conf +/usr/bin/cgcreate +/usr/bin/cgget +/usr/bin/cgset +/usr/bin/cgdelete +/usr/bin/lscgroup +/usr/bin/lssubsys +/usr/sbin/cgconfigparser +/usr/sbin/cgclear +/usr/bin/cgsnapshot +%attr(2755, root, cgred) /usr/bin/cgexec +%attr(2755, root, cgred) /usr/bin/cgclassify +%attr(0644, root, root) %{_mandir}/man1/* +%attr(0644, root, root) %{_mandir}/man5/* +%attr(0644, root, root) %{_mandir}/man8/* +%{_unitdir}/cgconfig.service + +%files pam +%doc COPYING README +%attr(0755,root,root) %{_libdir}/security/pam_cgroup.so + +%files devel +%doc COPYING README +%{_includedir}/libcgroup.h +%{_includedir}/libcgroup/*.h +%{_libdir}/libcgroup.so +%{_libdir}/pkgconfig/libcgroup.pc + +%changelog +* Mon Nov 4 2013 Peter Schiffer 0.40-0.rc1.3 +- related: #819568 + fixed some coverity findings + +* Fri Nov 1 2013 Peter Schiffer 0.40-0.rc1.2 +- related: #1016810 + returned creation of cgred group, which was removed in previous commit by mistage + +* Fri Nov 1 2013 Peter Schiffer 0.40-0.rc1.1 +- resolves: #819568, #740113 + rebased to 0.40.rc1 +- resolves: #983264 + rebuilt with full relro and PIE +- resolves: #1016810 + removed cgrulesengd daemon + +* Fri Nov 23 2012 Peter Schiffer - 0.38-3 +- resolves: #850183 + scriptlets replaced with new systemd macros (thanks to vpavlin) +- cleaned .spec file + +* Thu Jul 19 2012 Fedora Release Engineering - 0.38-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Feb 20 2012 Jan Safranek 0.38-1 +- updated to 0.38 + +* Fri Feb 3 2012 Jan Safranek 0.38-0.rc1 +- updated to 0.38.rc1 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.37.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon May 30 2011 Jan Safranek 0.37.1-4 +- fixed cgconfig service not to unmount stuff it did not mount +- added better sample cgconfig.conf file to reflect systemd + mounting all controllers during boot (#702111) + +* Wed May 25 2011 Ivana Hutarova Varekova 0.37.1-3 +- split tools part from libcgroup package + +* Fri Apr 8 2011 Jan Safranek 0.37.1-2 +- Remove /cgroup directory, groups are created in /sys/fs/cgroup + (#694687) + +* Thu Mar 3 2011 Jan Safranek 0.37.1-1 +- Update to 0.37.1 + +* Mon Feb 07 2011 Fedora Release Engineering - 0.37-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Jan Safranek 0.37-2 +- Create the 'cgred' group as system group, not as user +- Fix cgclassify exit code + +* Mon Dec 13 2010 Jan Safranek 0.37-1 +- Update to 0.37 +- use /sys/fs/cgroup as default directory to mount control groups (and rely on + systemd mounting tmpfs there) + +* Fri Nov 12 2010 Jan Safranek 0.36.2-3 +- Ignore systemd hierarchy - it's now invisible to libcgroup (#627378) + +* Mon Aug 2 2010 Jan Safranek 0.36.2-2 +- Fix initscripts to report stopped cgconfig service as not running + (#619091) + +* Tue Jun 22 2010 Jan Safranek 0.36.2-1 +- Update to 0.36.2, fixing packaging the libraries (#605434) +- Remove the dependency on redhat-lsb (#603578) + +* Fri May 21 2010 Jan Safranek 0.36-1 +- Update to 0.36.1 + +* Tue Mar 9 2010 Jan Safranek 0.35-1 +- Update to 0.35.1 +- Separate pam module to its own subpackage + +* Mon Jan 18 2010 Jan Safranek 0.34-4 +- Added README.Fedora to describe initscript integration + +* Mon Oct 19 2009 Jan Safranek 0.34-3 +- Change the default configuration to mount everything to /cgroup + +* Fri Jul 24 2009 Fedora Release Engineering - 0.34-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jul 7 2009 Jan Safranek 0.34-1 +- Update to 0.34 +* Mon Mar 09 2009 Dhaval Giani 0.33-3 +- Add a workaround for rt cgroup controller. +* Mon Mar 09 2009 Dhaval Giani 0.33-2 +- Change the cgconfig script to start earlier +- Move the binaries to /bin and /sbin +* Mon Mar 02 2009 Dhaval Giani 0.33-1 +- Update to latest upstream +* Wed Feb 25 2009 Fedora Release Engineering 0.32.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Jan 05 2009 Dhaval Giani 0.32.2-3 +- Fix redhat-lsb dependency +* Mon Dec 29 2008 Dhaval Giani 0.32.2-2 +- Fix build dependencies +* Mon Dec 29 2008 Dhaval Giani 0.32.2-1 +- Update to latest upstream +* Thu Oct 23 2008 Dhaval Giani 0.32.1-1 +* Tue Feb 24 2009 Balbir Singh 0.33-1 +- Update to 0.33, spec file changes to add Makefiles and pam_cgroup module +* Fri Oct 10 2008 Dhaval Giani 0.32-1 +- Update to latest upstream +* Thu Sep 11 2008 Dhaval Giani 0.31-1 +- Update to latest upstream +* Sat Aug 2 2008 Dhaval Giani 0.1c-3 +- Change release to fix broken upgrade path +* Wed Jun 11 2008 Dhaval Giani 0.1c-1 +- Update to latest upstream version +* Tue Jun 3 2008 Balbir Singh 0.1b-3 +- Add post and postun. Also fix Requires for devel to depend on base n-v-r +* Sat May 31 2008 Balbir Singh 0.1b-2 +- Fix makeinstall, Source0 and URL (review comments from Tom) +* Mon May 26 2008 Balbir Singh 0.1b-1 +- Add a generatable spec file +* Tue May 20 2008 Balbir Singh 0.1-1 +- Get the spec file to work +* Tue May 20 2008 Dhaval Giani 0.01-1 +- The first version of libcg