diff --git a/download b/download new file mode 100644 index 0000000000000000000000000000000000000000..dfac2050199f7f0a875a81816935f5da53bdf2f4 --- /dev/null +++ b/download @@ -0,0 +1 @@ +1c4c774093a61454b061e5ea8c5361e6 libcgroup-2.0.tar.bz2 diff --git a/fedora-config.patch b/fedora-config.patch deleted file mode 100644 index 5fafc322d8bf673451182ad37d966a3515096f23..0000000000000000000000000000000000000000 --- a/fedora-config.patch +++ /dev/null @@ -1,65 +0,0 @@ -Fedora specific configuration - we want to mount all controllers by default for libvirt. - -diff -up libcgroup-0.34/samples/cgconfig.conf.orig libcgroup-0.34/samples/cgconfig.conf ---- libcgroup-0.34/samples/cgconfig.conf.orig 2009-03-04 10:40:06.000000000 +0100 -+++ libcgroup-0.34/samples/cgconfig.conf 2009-10-19 10:17:37.000000000 +0200 -@@ -10,39 +10,8 @@ - # WITHOUT ANY WARRANTY; without even the implied warranty of - # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - # --#group daemons/www { --# perm { --# task { --# uid = root; --# gid = webmaster; --# } --# admin { --# uid = root; --# gid = root; --# } --# } --# cpu { --# cpu.shares = 1000; --# } --#} - # --#group daemons/ftp { --# perm { --# task { --# uid = root; --# gid = ftpmaster; --# } --# admin { --# uid = root; --# gid = root; --# } --# } --# cpu { --# cpu.shares = 500; --# } --#} --# --#mount { --# cpu = /mnt/cgroups/cpu; --# cpuacct = /mnt/cgroups/cpuacct; --#} -+# By default, we expect systemd mounts everything on boot, -+# so there is not much to do. -+# See man cgconfig.conf for further details, how to create groups -+# on system boot using this file. -+ -diff -up libcgroup-0.35.1/samples/cgconfig.sysconfig.orig libcgroup-0.35.1/samples/cgconfig.sysconfig ---- libcgroup-0.35.1/samples/cgconfig.sysconfig.orig 2010-03-09 14:56:34.000000000 +0100 -+++ libcgroup-0.35.1/samples/cgconfig.sysconfig 2010-03-09 16:30:12.000000000 +0100 -@@ -5,8 +5,6 @@ - # controller to limit cpu.shares of this default group and allowing some more - # important group take most of the CPU. - # --# By default, create these groups: --CREATE_DEFAULT=yes -- --# Uncomment following line to disable creation of the default group on startup: --# CREATE_DEFAULT=no -+# By default, do not create these groups: -+# CREATE_DEFAULT=yes -+CREATE_DEFAULT=no diff --git a/libcgroup-0.37-chmod.patch b/libcgroup-0.37-chmod.patch deleted file mode 100644 index bca595f5debf81fd8bbc6640b310e2a84b46f745..0000000000000000000000000000000000000000 --- a/libcgroup-0.37-chmod.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.chmod 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 20:41:55.255577622 +0100 -@@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSEN - return ret; - } - -+int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode, -+ int dirm_change, mode_t file_mode, int filem_change, -+ int owner_is_umask); -+ - /* - * TODO: Need to decide a better place to put this function. - */ -@@ -160,6 +164,8 @@ static int cg_chown_recursive(char **pat - { - int ret = 0; - FTS *fts; -+ /* mode 664 */ -+ mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH; - - cgroup_dbg("chown: path is %s\n", *path); - fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR | -@@ -177,6 +183,7 @@ static int cg_chown_recursive(char **pat - cgroup_warn("Warning: fts_read failed\n"); - break; - } -+ cg_chmod_file(fts, ent, mode, 0, mode, 1, 1); - ret = cg_chown_file(fts, ent, owner, group); - } - fts_close(fts); diff --git a/libcgroup-0.40.rc1-coverity.patch b/libcgroup-0.40.rc1-coverity.patch deleted file mode 100644 index 439abf177ad8765ce44332fce95d0cc7742a1ec0..0000000000000000000000000000000000000000 --- a/libcgroup-0.40.rc1-coverity.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.coverity 2014-01-13 20:52:49.853838149 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 20:52:49.854838142 +0100 -@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group( - if (group_name == NULL) { - ret = ECGOTHER; - last_errno = errno; -- free(template_name); - goto end; - } - -diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c ---- libcgroup-0.41/src/config.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/config.c 2014-01-13 20:52:49.854838142 +0100 -@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty - long val = atoi(value); - char buffer[CGROUP_BUFFER_LEN]; - struct cgroup *config_cgroup; -- int table_index; -+ int table_index, ret; - - switch (flag) { - case CGROUP: -@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty - if (!group) - goto group_task_error; - -- getgrnam_r(value, group, buffer, -+ ret = getgrnam_r(value, group, buffer, - CGROUP_BUFFER_LEN, &group_buffer); - -- if (group_buffer == NULL) { -+ if (ret != 0 || group_buffer == NULL) { - free(group); - goto group_task_error; - } -@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t - struct cgroup *config_cgroup; - long val = atoi(value); - char buffer[CGROUP_BUFFER_LEN]; -- int table_index; -+ int table_index, ret; - - switch (flag) { - case CGROUP: -@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t - if (!group) - goto admin_error; - -- getgrnam_r(value, group, buffer, -+ ret = getgrnam_r(value, group, buffer, - CGROUP_BUFFER_LEN, &group_buffer); - -- if (group_buffer == NULL) { -+ if (ret != 0 || group_buffer == NULL) { - free(group); - goto admin_error; - } -diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c ---- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity 2014-01-13 15:05:56.000000000 +0100 -+++ libcgroup-0.41/src/daemon/cgrulesengd.c 2014-01-13 20:52:49.854838142 +0100 -@@ -646,7 +646,7 @@ close: - - static int cgre_create_netlink_socket_process_msg(void) - { -- int sk_nl = 0, sk_unix = 0, sk_max; -+ int sk_nl = -1, sk_unix = -1, sk_max; - struct sockaddr_nl my_nla; - char buff[BUFF_SIZE]; - int rc = -1; -@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr - } - - close_and_exit: -- if (sk_nl > 0) -+ if (sk_nl > -1) - close(sk_nl); -- if (sk_unix > 0) -+ if (sk_unix > -1) - close(sk_unix); - return rc; - } -diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c ---- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c 2013-05-21 15:36:04.000000000 +0200 -+++ libcgroup-0.40.rc1/src/tools/lscgroup.c 2013-11-04 14:26:53.400473523 +0100 -@@ -97,11 +97,11 @@ static int display_controller_data(char - if (ret != 0) - return ret; - -- strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX); -+ strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX - 1); - /* remove problematic '/' characters from cgroup directory path*/ - trim_filepath(cgroup_dir_path); - -- strncpy(input_dir_path, input_path, FILENAME_MAX); -+ strncpy(input_dir_path, input_path, FILENAME_MAX - 1); - - /* remove problematic '/' characters from input directory path*/ - trim_filepath(input_dir_path); diff --git a/libcgroup-0.40.rc1-fread.patch b/libcgroup-0.40.rc1-fread.patch deleted file mode 100644 index acc7eba3b2a3ece87535e4fff5dc87d553444c74..0000000000000000000000000000000000000000 --- a/libcgroup-0.40.rc1-fread.patch +++ /dev/null @@ -1,49 +0,0 @@ -diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.fread 2014-01-13 21:01:32.067067615 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 21:01:32.070067594 +0100 -@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s - const char *file, char **value) - { - char path[FILENAME_MAX]; -- FILE *ctrl_file = NULL; -- int ret; -+ int ctrl_file = -1; -+ ssize_t ret; - - if (!cg_build_path_locked(cgroup, path, subsys)) - return ECGFAIL; - - strncat(path, file, sizeof(path) - strlen(path)); -- ctrl_file = fopen(path, "re"); -- if (!ctrl_file) -+ ctrl_file = open(path, O_RDONLY | O_CLOEXEC); -+ if (ctrl_file < 0) - return ECGROUPVALUENOTEXIST; - - *value = calloc(CG_VALUE_MAX, 1); - if (!*value) { -- fclose(ctrl_file); -+ close(ctrl_file); - last_errno = errno; - return ECGOTHER; - } - - /* -- * using %as crashes when we try to read from files like -+ * using %as or fread crashes when we try to read from files like - * memory.stat - */ -- ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file); -+ ret = read(ctrl_file, *value, CG_VALUE_MAX-1); - if (ret < 0) { - free(*value); - *value = NULL; -@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s - (*value)[ret-1] = '\0'; - } - -- fclose(ctrl_file); -+ close(ctrl_file); - - return 0; - } diff --git a/libcgroup-0.40.rc1-templates-fix.patch b/libcgroup-0.40.rc1-templates-fix.patch deleted file mode 100644 index 50e9aea8f59b565f331a15c0a2e01e06b0eafb73..0000000000000000000000000000000000000000 --- a/libcgroup-0.40.rc1-templates-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -up libcgroup-0.41/src/api.c.templates-fix libcgroup-0.41/src/api.c ---- libcgroup-0.41/src/api.c.templates-fix 2014-01-13 21:04:36.933747000 +0100 -+++ libcgroup-0.41/src/api.c 2014-01-13 21:16:44.478580105 +0100 -@@ -2974,10 +2974,10 @@ int cgroup_change_cgroup_flags(uid_t uid - available, "%d", pid); - break; - case 'p': -- if(procname) { -+ if(procname && strlen(basename(procname))) { - written = snprintf(newdest + j, - available, "%s", -- procname); -+ basename(procname)); - } else { - written = snprintf(newdest + j, - available, "%d", pid); diff --git a/libcgroup-0.41-CVE-2018-14348.patch b/libcgroup-0.41-CVE-2018-14348.patch deleted file mode 100644 index ac33cffb7dd5d0e32e30c6d8f308604d23da4f45..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-CVE-2018-14348.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 9ed289ca9c792f525cf54e694b1b641300c000e6 Mon Sep 17 00:00:00 2001 -From: Michal Hocko -Date: Wed, 18 Jul 2018 11:24:29 +0200 -Subject: [PATCH] cgrulesengd: remove umask(0) - -One of our partners has noticed that cgred daemon is creating a log file -(/var/log/cgred) with too wide permissions (0666) and that is seen as -a security bug because an untrusted user can write to otherwise -restricted area. CVE-2018-14348 has been assigned to this issue. - -Signed-off-by: Michal Hocko -Acked-by: Balbir Singh ---- - src/daemon/cgrulesengd.c | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c -index 170837a..41aadd4 100644 ---- a/src/daemon/cgrulesengd.c -+++ b/src/daemon/cgrulesengd.c -@@ -885,9 +885,6 @@ int cgre_start_daemon(const char *logp, const int logf, - } else if (pid > 0) { - exit(EXIT_SUCCESS); - } -- -- /* Change the file mode mask. */ -- umask(0); - } else { - flog(LOG_DEBUG, "Not using daemon mode\n"); - pid = getpid(); --- -2.17.1 - diff --git a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch b/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch deleted file mode 100644 index 970053055ee59d400d8494ecda77ac9faa9314f7..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 72a9e0c3d4f8daca9f7dc389edbc1013d7c0d808 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Fri, 8 Apr 2016 17:00:19 +0200 -Subject: [PATCH] api.c: fix order of memory subsystem parameters generated by - cgsnapshot -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Order of parameters usually doesn't matter, but that's not the case with -memory.limit_in_bytes and memory.memsw.limit_in_bytes. When the latter -is first in the list of parameters, the resulting configuration is not -loadable with cgconfigparser. - -This happens because when a cgroup is created, both memory.limit_in_bytes -and memory.memsw.limit_in_bytes parameters are initialized to highest -value possible (RESOURCE_MAX). And because memory.memsw.limit_in_bytes -must be always higher or equal to memory.limit_in_bytes, it's impossible -to change its value first. - -Make sure that after constructing parameter list of memory subsystem, -the mentioned parameters are in correct order. - -Signed-off-by: Nikola Forró ---- - src/api.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git a/src/api.c b/src/api.c -index 0bf0615..f5da553 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -2651,6 +2651,30 @@ int cgroup_get_cgroup(struct cgroup *cgroup) - } - } - closedir(dir); -+ -+ if (! strcmp(cgc->name, "memory")) { -+ /* -+ * Make sure that memory.limit_in_bytes is placed before -+ * memory.memsw.limit_in_bytes in the list of values -+ */ -+ int memsw_limit = -1; -+ int mem_limit = -1; -+ -+ for (j = 0; j < cgc->index; j++) { -+ if (! strcmp(cgc->values[j]->name, -+ "memory.memsw.limit_in_bytes")) -+ memsw_limit = j; -+ else if (! strcmp(cgc->values[j]->name, -+ "memory.limit_in_bytes")) -+ mem_limit = j; -+ } -+ -+ if (memsw_limit >= 0 && memsw_limit < mem_limit) { -+ struct control_value *val = cgc->values[memsw_limit]; -+ cgc->values[memsw_limit] = cgc->values[mem_limit]; -+ cgc->values[mem_limit] = val; -+ } -+ } - } - - /* Check if the group really exists or not */ --- -2.4.11 - diff --git a/libcgroup-0.41-api.c-preserve-dirty-flag.patch b/libcgroup-0.41-api.c-preserve-dirty-flag.patch deleted file mode 100644 index 0836334a20dcaa682656fdb956c6f5f03cfa53ec..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-api.c-preserve-dirty-flag.patch +++ /dev/null @@ -1,33 +0,0 @@ -From ad27a46d8c0e180f71b4606d7b2a3bd3bebd7bbf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Thu, 13 Oct 2016 13:42:30 +0200 -Subject: [PATCH] api.c: preserve dirty flag when copying controller values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When setting cgroup parameters with cgset fails, no error is reported. -This is caused by the fact that cgroup_copy_controller_values is not -preserving dirty flags of the values, so it's making all errors -considered non-fatal. - -Signed-off-by: Nikola Forró ---- - src/api.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/api.c b/src/api.c -index 0bf0615..daf4ef0 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1687,6 +1687,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, - dst_val = dst->values[i]; - strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); - strncpy(dst_val->name, src_val->name, FILENAME_MAX); -+ dst_val->dirty = src_val->dirty; - } - err: - return ret; --- -2.7.4 - diff --git a/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch b/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch deleted file mode 100644 index fba6b9b660606c033120bfedee881303636a4a02..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 691430206f1104b752b0e52386f317e639137788 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Mon, 15 Sep 2014 13:29:39 +0200 -Subject: [PATCH] api.c: support for setting multiline values in control files - -As of now, libcgroup does not support multiline values setting from configuration files. i.e. values in a form: - -net_prio.ifpriomap="lo 7 -eth0 66 -eth1 5 -eth2 4 -eth3 3"; - -Thus, setting of more network interfaces can not be done from configuration file. Or - -devices.allow="a *:* w -c 8:* r"; - -thus setting list of allow devices can not be set as well. The only way is to set it from userspace, e.g.: -# echo "lo 7" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 0" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 1" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 2" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap -# echo "eth 3" > /sys/fs/cgroup/net_prio/testGroup/net_prio.ifpriomap - -This patch allows setting of multiline variables. - -How this support works: -Multiline value is broken in lines and each line is set by write (man 2 write) syscall (without bufferring). -This implies change of fopen with open, fclose with close. -There is no control on multiline value, thus "eth0\n \t\n" can be set. However, setting -of " \t" will fail as write command returns -1. Thus administrator has to set correct -multiline values. - -Tested on virtual machine with fedora and rhel with network interface lo, eth0-eth3. Configuration file: - -# cat /etc/cgconfig.conf -group testGroup { - net_prio { - net_prio.ifpriomap="lo 7 -eth0 66 -eth1 5 -eth2 4 -eth3 3"; - } -} - -net_prio has to be created before: -# modprobe netprio_cgroup -# mkdir /sys/fs/cgroup/net_prio -# mount -t cgroup -onet_prio none /sys/fs/cgroup/net_prio - -Changelog: - test of success of strdup call - free str_val before return (str_val is changing in while cycle, - thus str_start_val points to the start of str_val before while) - -Signed-off-by: Jan Chaloupka ---- - src/api.c | 50 ++++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 44 insertions(+), 6 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 5751b8f..d6c9d3a 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1495,13 +1495,18 @@ static int cg_create_control_group(const char *path) - */ - static int cg_set_control_value(char *path, const char *val) - { -- FILE *control_file = NULL; -+ int ctl_file; -+ char *str_val; -+ char *str_val_start; -+ char *pos; -+ size_t len; -+ - if (!cg_test_mounted_fs()) - return ECGROUPNOTMOUNTED; - -- control_file = fopen(path, "r+e"); -+ ctl_file = open(path, O_RDWR | O_CLOEXEC); - -- if (!control_file) { -+ if (ctl_file == -1) { - if (errno == EPERM) { - /* - * We need to set the correct error value, does the -@@ -1512,6 +1517,7 @@ static int cg_set_control_value(char *path, const char *val) - */ - char *path_dir_end; - char *tasks_path; -+ FILE *control_file; - - path_dir_end = strrchr(path, '/'); - if (path_dir_end == NULL) -@@ -1543,15 +1549,47 @@ static int cg_set_control_value(char *path, const char *val) - return ECGROUPVALUENOTEXIST; - } - -- if (fprintf(control_file, "%s", val) < 0) { -+ /* Split the multiline value into lines. */ -+ /* One line is a special case of multiline value. */ -+ str_val = strdup(val); -+ if (str_val == NULL) { - last_errno = errno; -- fclose(control_file); -+ close(ctl_file); - return ECGOTHER; - } -- if (fclose(control_file) < 0) { -+ -+ str_val_start = str_val; -+ pos = str_val; -+ -+ do { -+ str_val = pos; -+ pos = strchr(str_val, '\n'); -+ -+ if (pos) { -+ *pos = '\0'; -+ ++pos; -+ } -+ -+ len = strlen(str_val); -+ if (len > 0) { -+ if (write(ctl_file, str_val, len) == -1) { -+ last_errno = errno; -+ free(str_val_start); -+ close(ctl_file); -+ return ECGOTHER; -+ } -+ } else -+ cgroup_warn("Warning: skipping empty line for %s\n", -+ path); -+ } while(pos); -+ -+ if (close(ctl_file)) { - last_errno = errno; -+ free(str_val_start); - return ECGOTHER; - } -+ -+ free(str_val_start); - return 0; - } - --- -1.9.3 - diff --git a/libcgroup-0.41-change-cgroup-of-threads.patch b/libcgroup-0.41-change-cgroup-of-threads.patch deleted file mode 100644 index 05f009aec75caeb60add65008a50f10ed6dfb43d..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-change-cgroup-of-threads.patch +++ /dev/null @@ -1,74 +0,0 @@ -From c9d651cfd532da6494dab03190c0a207cdf7289c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Mon, 23 Jul 2018 17:38:26 +0200 -Subject: [PATCH] api.c: always move all tasks of a process to a cgroup - ---- - src/api.c | 40 ++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 38 insertions(+), 2 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 803ff35..a2cf981 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -3180,7 +3180,12 @@ int cgroup_change_cgroup_path(const char *dest, pid_t pid, - const char *const controllers[]) - { - int ret; -+ int nr; - struct cgroup cgroup; -+ DIR *dir; -+ struct dirent *task_dir = NULL; -+ char path[FILENAME_MAX]; -+ pid_t tid; - - if (!cgroup_initialized) { - cgroup_warn("Warning: libcgroup is not initialized\n"); -@@ -3191,11 +3196,42 @@ int cgroup_change_cgroup_path(const char *dest, pid_t pid, - ret = cg_prepare_cgroup(&cgroup, pid, dest, controllers); - if (ret) - return ret; -- /* Add task to cgroup */ -+ /* Add process to cgroup */ - ret = cgroup_attach_task_pid(&cgroup, pid); -- if (ret) -+ if (ret) { - cgroup_warn("Warning: cgroup_attach_task_pid failed: %d\n", - ret); -+ goto finished; -+ } -+ -+ /* Add all threads to cgroup */ -+ snprintf(path, FILENAME_MAX, "/proc/%d/task/", pid); -+ dir = opendir(path); -+ if (!dir) { -+ last_errno = errno; -+ ret = ECGOTHER; -+ goto finished; -+ } -+ -+ while ((task_dir = readdir(dir)) != NULL) { -+ nr = sscanf(task_dir->d_name, "%i", &tid); -+ if (nr < 1) -+ continue; -+ -+ if (tid == pid) -+ continue; -+ -+ ret = cgroup_attach_task_pid(&cgroup, tid); -+ if (ret) { -+ cgroup_warn("Warning: cgroup_attach_task_pid failed: %d\n", -+ ret); -+ break; -+ } -+ } -+ -+ closedir(dir); -+ -+finished: - cgroup_free_controllers(&cgroup); - return ret; - } --- -2.17.1 - diff --git a/libcgroup-0.41-coverity.patch b/libcgroup-0.41-coverity.patch deleted file mode 100644 index 31373560a54bb8117ff64dc2d31929ef64173fa4..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-coverity.patch +++ /dev/null @@ -1,167 +0,0 @@ -diff --git a/src/api.c b/src/api.c -index 1cd30df..93d0750 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -3642,14 +3642,14 @@ static int cg_read_stat(FILE *fp, struct cgroup_stat *cgroup_stat) - ret = ECGINVAL; - goto out_free; - } -- strncpy(cgroup_stat->name, token, FILENAME_MAX); -+ strncpy(cgroup_stat->name, token, FILENAME_MAX - 1); - - token = strtok_r(NULL, " ", &saveptr); - if (!token) { - ret = ECGINVAL; - goto out_free; - } -- strncpy(cgroup_stat->value, token, CG_VALUE_MAX); -+ strncpy(cgroup_stat->value, token, CG_VALUE_MAX - 1); - - out_free: - free(line); -@@ -3906,9 +3906,9 @@ int cgroup_get_controller_next(void **handle, struct cgroup_mount_point *info) - goto out_unlock; - } - -- strncpy(info->name, cg_mount_table[*pos].name, FILENAME_MAX); -+ strncpy(info->name, cg_mount_table[*pos].name, FILENAME_MAX - 1); - -- strncpy(info->path, cg_mount_table[*pos].mount.path, FILENAME_MAX); -+ strncpy(info->path, cg_mount_table[*pos].mount.path, FILENAME_MAX - 1); - - (*pos)++; - *handle = pos; -diff --git a/src/config.c b/src/config.c -index e1ee0a8..c3004eb 100644 ---- a/src/config.c -+++ b/src/config.c -@@ -168,7 +168,7 @@ int config_insert_cgroup(char *cg_name, int flag) - } - - config_cgroup = &config_table[*table_index]; -- strncpy(config_cgroup->name, cg_name, FILENAME_MAX); -+ strncpy(config_cgroup->name, cg_name, FILENAME_MAX - 1); - - /* - * Since this will be the last part to be parsed. -@@ -1583,7 +1583,7 @@ int cgroup_config_create_template_group(struct cgroup *cgroup, - int i, j, k; - struct cgroup *t_cgroup; - char buffer[FILENAME_MAX]; -- struct cgroup *aux_cgroup; -+ struct cgroup *aux_cgroup = NULL; - struct cgroup_controller *cgc; - int found; - -@@ -1659,7 +1659,7 @@ int cgroup_config_create_template_group(struct cgroup *cgroup, - /* no template is present for given name x controller pair - * add controller to result cgroup */ - aux_cgroup = cgroup_new_cgroup(cgroup->name); -- if (aux_cgroup) { -+ if (aux_cgroup == NULL) { - ret = ECGINVAL; - fprintf(stderr, "cgroup %s can't be created\n", - cgroup->name); -@@ -1683,5 +1683,6 @@ int cgroup_config_create_template_group(struct cgroup *cgroup, - } - - end: -+ cgroup_free(&aux_cgroup); - return ret; - } -diff --git a/src/tools/cgsnapshot.c b/src/tools/cgsnapshot.c -index a0599c1..66e3bbc 100644 ---- a/src/tools/cgsnapshot.c -+++ b/src/tools/cgsnapshot.c -@@ -428,6 +428,7 @@ static int display_cgroup_data(struct cgroup *group, - goto err; - } - fprintf(of, "\t\t%s=\"%s\";\n", output_name, value); -+ free(value); - } - fprintf(of, "\t}\n"); - } -diff --git a/src/wrapper.c b/src/wrapper.c -index 0952823..599128f 100644 ---- a/src/wrapper.c -+++ b/src/wrapper.c -@@ -48,7 +48,7 @@ struct cgroup *cgroup_new_cgroup(const char *name) - return NULL; - - init_cgroup(cgroup); -- strncpy(cgroup->name, name, sizeof(cgroup->name)); -+ strncpy(cgroup->name, name, sizeof(cgroup->name) - 1); - - return cgroup; - } -@@ -82,7 +82,7 @@ struct cgroup_controller *cgroup_add_controller(struct cgroup *cgroup, - if (!controller) - return NULL; - -- strncpy(controller->name, name, sizeof(controller->name)); -+ strncpy(controller->name, name, sizeof(controller->name) - 1); - controller->cgroup = cgroup; - controller->index = 0; - -@@ -560,7 +560,7 @@ struct cgroup *create_cgroup_from_name_value_pairs(const char *name, - goto scgroup_err; - } - -- strncpy(con, name_value[i].name, FILENAME_MAX); -+ strncpy(con, name_value[i].name, FILENAME_MAX - 1); - strtok(con, "."); - - /* find out whether we have to add the controller or -diff --git a/tests/libcgrouptest01.c b/tests/libcgrouptest01.c -index acc229a..d7770a0 100644 ---- a/tests/libcgrouptest01.c -+++ b/tests/libcgrouptest01.c -@@ -60,11 +60,11 @@ int main(int argc, char *argv[]) - if (fs_mounted) { - ctl1 = atoi(argv[2]); - ctl2 = atoi(argv[3]); -- strncpy(mountpoint, argv[4], sizeof(mountpoint)); -+ strncpy(mountpoint, argv[4], sizeof(mountpoint) - 1); - cgroup_dbg("C:DBG: mountpoint1 as recieved from script=%s\n", - mountpoint); - if (fs_mounted == FS_MULTI_MOUNTED) { -- strncpy(mountpoint2, argv[5], sizeof(mountpoint2)); -+ strncpy(mountpoint2, argv[5], sizeof(mountpoint2) - 1); - cgroup_dbg("C:DBG: mountpoint2 as recieved from " - "script=%s\n", mountpoint2); - } -diff --git a/tests/read_stats.c b/tests/read_stats.c -index a1bc244..0583039 100644 ---- a/tests/read_stats.c -+++ b/tests/read_stats.c -@@ -63,7 +63,7 @@ int main(int argc, char *argv[]) - } - - root_len = strlen(info.full_path) - 1; -- strncpy(cgroup_path, info.path, FILENAME_MAX); -+ strncpy(cgroup_path, info.path, FILENAME_MAX - 1); - ret = read_stats(cgroup_path, controller); - if (ret < 0) - exit(EXIT_FAILURE); -@@ -72,7 +72,7 @@ int main(int argc, char *argv[]) - ECGEOF) { - if (info.type != CGROUP_FILE_TYPE_DIR) - continue; -- strncpy(cgroup_path, info.full_path + root_len, FILENAME_MAX); -+ strncpy(cgroup_path, info.full_path + root_len, FILENAME_MAX - 1); - strcat(cgroup_path, "/"); - ret = read_stats(cgroup_path, controller); - if (ret < 0) -diff --git a/tests/test_functions.c b/tests/test_functions.c -index 8f1d59e..f357ab2 100644 ---- a/tests/test_functions.c -+++ b/tests/test_functions.c -@@ -139,7 +139,7 @@ struct cgroup *create_new_cgroup_ds(int ctl, const char *grpname, - char group[FILENAME_MAX]; - char controller_name[FILENAME_MAX], control_file[FILENAME_MAX]; - -- strncpy(group, grpname, sizeof(group)); -+ strncpy(group, grpname, sizeof(group) - 1); - retval = set_controller(ctl, controller_name, control_file); - if (retval) { - fprintf(stderr, "Setting controller failled\n"); diff --git a/libcgroup-0.41-fix-infinite-loop.patch b/libcgroup-0.41-fix-infinite-loop.patch deleted file mode 100644 index a41347b22d0b303db10aa19238dcd1ecc2bbe0ab..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-fix-infinite-loop.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 62bab9d121d4fb416205f5ac53ad342184ae42b6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 8 Dec 2015 16:53:41 +0100 -Subject: [PATCH 2/6] api.c: fix infinite loop - -If getgrnam or getpwuid functions failed, the program entered -an infinite loop, because the rule pointer was never advanced. -This is now fixed by updating the pointer before continuing -to the next iteration. ---- - src/api.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/api.c b/src/api.c -index df90a6f..217d6c9 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -2664,13 +2664,17 @@ static struct cgroup_rule *cgroup_find_matching_rule_uid_gid(uid_t uid, - /* Get the group data. */ - sp = &(rule->username[1]); - grp = getgrnam(sp); -- if (!grp) -+ if (!grp) { -+ rule = rule->next; - continue; -+ } - - /* Get the data for UID. */ - usr = getpwuid(uid); -- if (!usr) -+ if (!usr) { -+ rule = rule->next; - continue; -+ } - - /* If UID is a member of group, we matched. */ - for (i = 0; grp->gr_mem[i]; i++) { --- -2.17.0 - diff --git a/libcgroup-0.41-fix-log-level.patch b/libcgroup-0.41-fix-log-level.patch deleted file mode 100644 index 30055e3220bd7c61f10b503a76160797bb54adc7..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-fix-log-level.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 7c99c167f41d3f8810808436d2ac58afc3a7d6c7 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:33:03 +0200 -Subject: [PATCH 5/6] api.c: Fix level of failed user/group lookup warnings -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Nikola Forró ---- - src/api.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 51081b4..efde2d1 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -639,7 +639,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, - uid = CGRULE_INVALID; - gid = grp->gr_gid; - } else { -- cgroup_dbg("Warning: Entry for %s not" -+ cgroup_warn("Warning: Entry for %s not" - "found. Skipping rule on line" - " %d.\n", itr, linenum); - skipped = true; -@@ -656,7 +656,7 @@ static int cgroup_parse_rules(bool cache, uid_t muid, - uid = pwd->pw_uid; - gid = CGRULE_INVALID; - } else { -- cgroup_dbg("Warning: Entry for %s not" -+ cgroup_warn("Warning: Entry for %s not" - "found. Skipping rule on line" - " %d.\n", user, linenum); - skipped = true; --- -2.17.0 - diff --git a/libcgroup-0.41-lex.patch b/libcgroup-0.41-lex.patch deleted file mode 100644 index bcd536a2e43e27b605657e12800897ced0f79369..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-lex.patch +++ /dev/null @@ -1,25 +0,0 @@ -From a8c2e967e74d280cd3b8554af0c95d823647d1c0 Mon Sep 17 00:00:00 2001 -From: Jan Chaloupka -Date: Thu, 6 Feb 2014 11:43:18 +0100 -Subject: [PATCH] lex updated, additional '\' char for ID token - ---- - libcgroup-0.41/src/lex.l | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libcgroup-0.41/src/lex.l b/libcgroup-0.41/src/lex.l -index 1b357db..d7bf575 100644 ---- a/libcgroup-0.41/src/lex.l -+++ b/libcgroup-0.41/src/lex.l -@@ -43,7 +43,7 @@ jmp_buf parser_error_env; - "namespace" {return NAMESPACE;} - "template" {return TEMPLATE;} - "default" {return DEFAULT;} --[a-zA-Z0-9_\-\/\.\,\%\@]+ {yylval.name = strdup(yytext); return ID;} -+[a-zA-Z0-9_\-\/\.\,\%\@\\]+ {yylval.name = strdup(yytext); return ID;} - \"[^"]*\" {yylval.name = strdup(yytext+1); yylval.name[strlen(yylval.name)-1] = '\0'; return ID; } - . {return yytext[0];} - %% --- -1.8.5.3 - diff --git a/libcgroup-0.41-prevent-buffer-overflow.patch b/libcgroup-0.41-prevent-buffer-overflow.patch deleted file mode 100644 index d4051599b784676fb0b390f345ab3a9bc659a9c9..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-prevent-buffer-overflow.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9c80e2cb4bca26993a12027c46a274bb43645630 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Wed, 22 Jun 2016 14:12:46 +0200 -Subject: [PATCH 3/6] api.c: fix potential buffer overflow -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -It is assumed that arguments read from /proc//cmdline don't exceed -buf_pname buffer size, which is FILENAME_MAX - 1 characters, but that's -not always the case. - -Add check to prevent buffer overflow and discard the excessive part of -an argument. - -Signed-off-by: Nikola Forró ---- - src/api.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/api.c b/src/api.c -index 217d6c9..4d98081 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -4065,13 +4065,17 @@ static int cg_get_procname_from_proc_cmdline(pid_t pid, - - while (c != EOF) { - c = fgetc(f); -- if ((c != EOF) && (c != '\0')) { -+ if ((c != EOF) && (c != '\0') && (len < FILENAME_MAX - 1)) { - buf_pname[len] = c; - len++; - continue; - } - buf_pname[len] = '\0'; - -+ if (len == FILENAME_MAX - 1) -+ while ((c != EOF) && (c != '\0')) -+ c = fgetc(f); -+ - /* - * The taken process name from /proc//status is - * shortened to 15 characters if it is over. So the --- -2.17.0 - diff --git a/libcgroup-0.41-size-of-controller-values.patch b/libcgroup-0.41-size-of-controller-values.patch deleted file mode 100644 index 08aba87acf04c1d649d821155a17f9d5d40deb3c..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-size-of-controller-values.patch +++ /dev/null @@ -1,142 +0,0 @@ -From 5a64a79144e58a62426a34ef51b14e891f042fa2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:54:38 +0200 -Subject: [PATCH 6/6] Increase maximal size of controller values -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Maximal length of a controller value is determined by CG_VALUE_MAX, -which is equal to 100. That is not sufficient in some cases. - -Add new constant CG_CONTROL_VALUE_MAX (to prevent breaking current API) -and set it to 4096, which is usually equal to the amount of bytes that -can be written to a sysctl file directly. - -Add warning message about exceeding the limit while parsing -configuration file. - -Signed-off-by: Nikola Forró ---- - src/api.c | 6 +++--- - src/libcgroup-internal.h | 5 ++++- - src/tools/cgset.c | 4 ++-- - src/wrapper.c | 17 ++++++++++++----- - 4 files changed, 21 insertions(+), 11 deletions(-) - -diff --git a/src/api.c b/src/api.c -index efde2d1..1cd30df 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1561,7 +1561,7 @@ static int cgroup_copy_controller_values(struct cgroup_controller *dst, - } - - dst_val = dst->values[i]; -- strncpy(dst_val->value, src_val->value, CG_VALUE_MAX); -+ strncpy(dst_val->value, src_val->value, CG_CONTROL_VALUE_MAX); - strncpy(dst_val->name, src_val->name, FILENAME_MAX); - dst_val->dirty = src_val->dirty; - } -@@ -2286,7 +2286,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, - if (ctrl_file < 0) - return ECGROUPVALUENOTEXIST; - -- *value = calloc(CG_VALUE_MAX, 1); -+ *value = calloc(CG_CONTROL_VALUE_MAX, 1); - if (!*value) { - close(ctrl_file); - last_errno = errno; -@@ -2297,7 +2297,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup, - * using %as or fread crashes when we try to read from files like - * memory.stat - */ -- ret = read(ctrl_file, *value, CG_VALUE_MAX-1); -+ ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1); - if (ret < 0) { - free(*value); - *value = NULL; -diff --git a/src/libcgroup-internal.h b/src/libcgroup-internal.h -index 4c0f46c..3a8e336 100644 ---- a/src/libcgroup-internal.h -+++ b/src/libcgroup-internal.h -@@ -32,6 +32,9 @@ __BEGIN_DECLS - /* Estimated number of groups created */ - #define MAX_GROUP_ELEMENTS 128 - -+/* Maximum length of a value */ -+#define CG_CONTROL_VALUE_MAX 4096 -+ - #define CG_NV_MAX 100 - #define CG_CONTROLLER_MAX 100 - /* Max number of mounted hierarchies. Event if one controller is mounted per -@@ -73,7 +76,7 @@ __BEGIN_DECLS - - struct control_value { - char name[FILENAME_MAX]; -- char value[CG_VALUE_MAX]; -+ char value[CG_CONTROL_VALUE_MAX]; - bool dirty; - }; - -diff --git a/src/tools/cgset.c b/src/tools/cgset.c -index ea9f90d..3d3c8cc 100644 ---- a/src/tools/cgset.c -+++ b/src/tools/cgset.c -@@ -151,8 +151,8 @@ int main(int argc, char *argv[]) - goto err; - } - -- strncpy(name_value[nv_number].value, buf, CG_VALUE_MAX); -- name_value[nv_number].value[CG_VALUE_MAX-1] = '\0'; -+ strncpy(name_value[nv_number].value, buf, CG_CONTROL_VALUE_MAX); -+ name_value[nv_number].value[CG_CONTROL_VALUE_MAX-1] = '\0'; - - nv_number++; - break; -diff --git a/src/wrapper.c b/src/wrapper.c -index c03472a..0952823 100644 ---- a/src/wrapper.c -+++ b/src/wrapper.c -@@ -132,10 +132,10 @@ int cgroup_add_value_string(struct cgroup_controller *controller, - if (!controller) - return ECGINVAL; - -- if (controller->index >= CG_VALUE_MAX) -+ if (controller->index >= CG_NV_MAX) - return ECGMAXVALUESEXCEEDED; - -- for (i = 0; i < controller->index && i < CG_VALUE_MAX; i++) { -+ for (i = 0; i < controller->index && i < CG_NV_MAX; i++) { - if (!strcmp(controller->values[i]->name, name)) - return ECGVALUEEXISTS; - } -@@ -145,8 +145,15 @@ int cgroup_add_value_string(struct cgroup_controller *controller, - if (!cntl_value) - return ECGCONTROLLERCREATEFAILED; - -- strncpy(cntl_value->name, name, sizeof(cntl_value->name)); -- strncpy(cntl_value->value, value, sizeof(cntl_value->value)); -+ if (strlen(value) >= sizeof(cntl_value->value)) { -+ fprintf(stderr, "value exceeds the maximum of %d characters\n", -+ sizeof(cntl_value->value)); -+ free(cntl_value); -+ return ECGCONFIGPARSEFAIL; -+ } -+ -+ strncpy(cntl_value->name, name, sizeof(cntl_value->name) - 1); -+ strncpy(cntl_value->value, value, sizeof(cntl_value->value) - 1); - cntl_value->dirty = true; - controller->values[controller->index] = cntl_value; - controller->index++; -@@ -356,7 +363,7 @@ int cgroup_set_value_string(struct cgroup_controller *controller, - for (i = 0; i < controller->index; i++) { - struct control_value *val = controller->values[i]; - if (!strcmp(val->name, name)) { -- strncpy(val->value, value, CG_VALUE_MAX); -+ strncpy(val->value, value, CG_CONTROL_VALUE_MAX - 1); - val->dirty = true; - return 0; - } --- -2.17.0 - diff --git a/libcgroup-0.41-tasks-file-warning.patch b/libcgroup-0.41-tasks-file-warning.patch deleted file mode 100644 index e094613f0b7edcfab60b32ab5a037d99290b9a16..0000000000000000000000000000000000000000 --- a/libcgroup-0.41-tasks-file-warning.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 437b68f34c459d136c806e61dafb5825d2f97170 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Nikola=20Forr=C3=B3?= -Date: Tue, 17 Apr 2018 13:32:28 +0200 -Subject: [PATCH 4/6] api.c: Show warning when tasks file can not be opened -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Nikola Forró ---- - src/api.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/api.c b/src/api.c -index 4d98081..51081b4 100644 ---- a/src/api.c -+++ b/src/api.c -@@ -1190,12 +1190,15 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) - if (!tasks) { - switch (errno) { - case EPERM: -- return ECGROUPNOTOWNER; -+ ret = ECGROUPNOTOWNER; -+ break; - case ENOENT: -- return ECGROUPNOTEXIST; -+ ret = ECGROUPNOTEXIST; -+ break; - default: -- return ECGROUPNOTALLOWED; -+ ret = ECGROUPNOTALLOWED; - } -+ goto err; - } - ret = fprintf(tasks, "%d", tid); - if (ret < 0) { -@@ -1214,7 +1217,8 @@ static int __cgroup_attach_task_pid(char *path, pid_t tid) - err: - cgroup_warn("Warning: cannot write tid %d to %s:%s\n", - tid, path, strerror(errno)); -- fclose(tasks); -+ if (tasks) -+ fclose(tasks); - return ret; - } - --- -2.17.0 - diff --git a/libcgroup-0.41.tar.bz2 b/libcgroup-0.41.tar.bz2 deleted file mode 100644 index 5bcced83f0af3021bbb69f9396ce3d86b9f1a1a4..0000000000000000000000000000000000000000 Binary files a/libcgroup-0.41.tar.bz2 and /dev/null differ diff --git a/libcgroup.spec b/libcgroup.spec index 3e6c60825f9b354db5ab943c694a42f876b17839..d0ad247dce795369a7ddbdd1e13215bcfb67ee07 100644 --- a/libcgroup.spec +++ b/libcgroup.spec @@ -1,42 +1,16 @@ %define anolis_release .0.1 - -%global soversion_major 1 -%global soversion 1.0.41 -%global _hardened_build 1 - -Summary: Library to control and monitor control groups -Name: libcgroup -Version: 0.41 -Release: 19%{anolis_release}%{?dist} -License: LGPLv2+ -Group: Development/Libraries -URL: http://libcg.sourceforge.net/ -Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2 -Source1: cgconfig.service - -Patch0: fedora-config.patch -Patch1: libcgroup-0.37-chmod.patch -Patch2: libcgroup-0.40.rc1-coverity.patch -Patch3: libcgroup-0.40.rc1-fread.patch -Patch4: libcgroup-0.40.rc1-templates-fix.patch -Patch5: libcgroup-0.41-lex.patch -Patch6: libcgroup-0.41-api.c-support-for-setting-multiline-values-in-contro.patch -# resolves #1348874 -Patch7: libcgroup-0.41-api.c-fix-order-of-memory-subsystem-parameters.patch -# resolves #1384504 -Patch8: libcgroup-0.41-api.c-preserve-dirty-flag.patch -Patch9: libcgroup-0.41-change-cgroup-of-threads.patch -Patch10: libcgroup-0.41-fix-infinite-loop.patch -Patch11: libcgroup-0.41-prevent-buffer-overflow.patch -Patch12: libcgroup-0.41-tasks-file-warning.patch -Patch13: libcgroup-0.41-fix-log-level.patch -Patch14: libcgroup-0.41-size-of-controller-values.patch -Patch15: libcgroup-0.41-CVE-2018-14348.patch -Patch16: libcgroup-0.41-coverity.patch - -BuildRequires: gcc, gcc-c++ -BuildRequires: byacc, coreutils, flex, pam-devel, systemd-units -Requires(pre): shadow-utils +Name: libcgroup +Version: 2.0 +Release: 1%{anolis_release}%{?dist} +Summary: iLibrary to control and monitor control groups + +License: LGPLv2+ +URL: http://libcg.sourceforge.net/ +Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.bz2 +Source1: cgconfig.service + +BuildRequires: autoconf automake libtool gcc gcc-c++ make byacc coreutils flex pam-devel systemd-units +Requires(pre): shadow-utils Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -45,96 +19,68 @@ Requires(postun): systemd Control groups infrastructure. The library helps manipulate, control, administrate and monitor control groups and the associated controllers. -%package tools -Summary: Command-line utility programs, services and daemons for libcgroup -Group: System Environment/Base -Requires: %{name}%{?_isa} = %{version}-%{release} -# needed for Delegate property in cgconfig.service -Requires: systemd >= 217-0.2 +%package tools +Summary: Command-line utility programs, services and daemons for libcgroup +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: systemd -%description tools +%description tools This package contains command-line programs, services and a daemon for manipulating control groups using the libcgroup library. -%package pam -Summary: A Pluggable Authentication Module for libcgroup -Group: System Environment/Base -Requires: %{name}%{?_isa} = %{version}-%{release} +%package pam +Summary: A Pluggable Authentication Module for libcgroup +Requires: %{name}%{?_isa} = %{version}-%{release} -%description pam +%description pam Linux-PAM module, which allows administrators to classify the user's login processes to pre-configured control group. -%package devel -Summary: Development libraries to develop applications that utilize control groups -Group: Development/Libraries -Requires: %{name}%{?_isa} = %{version}-%{release} +%package devel +Summary: Development libraries to develop applications that utilize control groups +Requires: %{name}%{?_isa} = %{version}-%{release} -%description devel +%description devel It provides API to create/delete and modify cgroup nodes. It will also in the future allow creation of persistent configuration for control groups and provide scripts to manage that configuration. + %prep -%setup -q -n %{name}-%{version} -%patch0 -p1 -b .config-patch -%patch1 -p1 -b .chmod -%patch2 -p1 -b .coverity -%patch3 -p1 -b .fread -%patch4 -p1 -b .templates-fix -%patch5 -p2 -b .lex -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 +%autosetup + %build +autoreconf -vif %configure --enable-pam-module-dir=%{_libdir}/security \ --enable-opaque-hierarchy="name=systemd" \ --disable-daemon %ifarch sw_64 make %else -make %{?_smp_mflags} +%make_build %endif %install -make DESTDIR=$RPM_BUILD_ROOT install +rm -rf $RPM_BUILD_ROOT +%make_install -# install config files install -d ${RPM_BUILD_ROOT}%{_sysconfdir} install -m 644 samples/cgconfig.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgconfig.conf install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgsnapshot_blacklist.conf -# sanitize pam module, we need only pam_cgroup.so mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so -rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.la $RPM_BUILD_ROOT/%{_libdir}/security/pam_cgroup.so.* - -rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la - +rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.{,l}a $RPM_BUILD_ROOT/%{_libdir}/security/pam_cgroup.so.* +rm -f $RPM_BUILD_ROOT/%{_libdir}/*.{,l}a +rm -f $RPM_BUILD_ROOT/%{_libdir}/libcgroupfortesting.* rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgred.conf.5* rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgrules.conf.5* rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/cgrulesengd.8* -# install unit and sysconfig files install -d ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir}/ install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig -%pre -getent group cgred >/dev/null || groupadd -r cgred - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig - %post tools %systemd_post cgconfig.service @@ -145,12 +91,8 @@ getent group cgred >/dev/null || groupadd -r cgred %systemd_postun_with_restart cgconfig.service %triggerun -- libcgroup < 0.38 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply cgconfig -# to migrate them to systemd targets /usr/bin/systemd-sysv-convert --save cgconfig >/dev/null 2>&1 ||: -# Run these because the SysV package being removed won't do them /sbin/chkconfig --del cgconfig >/dev/null 2>&1 || : /bin/systemctl try-restart cgconfig.service >/dev/null 2>&1 || : @@ -158,7 +100,8 @@ getent group cgred >/dev/null || groupadd -r cgred %{!?_licensedir:%global license %%doc} %license COPYING %doc README -%{_libdir}/libcgroup.so.* +%{_libdir}/libcgroup.so.1* +%{_libdir}/libcgset.so.0* %files tools %{!?_licensedir:%global license %%doc} @@ -166,17 +109,9 @@ getent group cgred >/dev/null || groupadd -r cgred %doc README README_systemd %config(noreplace) %{_sysconfdir}/cgconfig.conf %config(noreplace) %{_sysconfdir}/cgsnapshot_blacklist.conf -/usr/bin/cgcreate -/usr/bin/cgget -/usr/bin/cgset -/usr/bin/cgdelete -/usr/bin/lscgroup -/usr/bin/lssubsys -/usr/sbin/cgconfigparser -/usr/sbin/cgclear -/usr/bin/cgsnapshot -%attr(2755, root, cgred) /usr/bin/cgexec -%attr(2755, root, cgred) /usr/bin/cgclassify +%{_bindir}/* +%{_sbindir}/* +%attr(0755, root, root) %{_bindir}/cgexec %attr(0644, root, root) %{_mandir}/man1/* %attr(0644, root, root) %{_mandir}/man5/* %attr(0644, root, root) %{_mandir}/man8/* @@ -195,12 +130,16 @@ getent group cgred >/dev/null || groupadd -r cgred %{_includedir}/libcgroup.h %{_includedir}/libcgroup/*.h %{_libdir}/libcgroup.so +%{_libdir}/libcgset.so %{_libdir}/pkgconfig/libcgroup.pc %changelog -* Fri Jun 30 2023 wxiat - 0.41-19.0.1 +* Thu Nov 21 2024 wxiat - 2.0-1.0.1 - add sw arch +* Tue Mar 8 2022 forrest_ly - 2.0-1 +- update to libcgroup-2.0 + * Mon Oct 15 2018 Nikola Forró - 0.41-19 - resolves: #1606973 fix important Covscan defects