Updated to 0.41

- resolves: #966008
  updated to 0.41
- removed deprecated cgred service
  please use Control Group Interface in Systemd instead

.gitignore

@@ -1,5 +1 @@
-libcgroup-0.36.2.tar.bz2
-/libcgroup-0.37.tar.bz2
-/libcgroup-0.37.1.tar.bz2
-/libcgroup-0.38.rc1.tar.bz2
-/libcgroup-0.38.tar.bz2
+/libcgroup-0.41.tar.bz2

cgred.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=CGroups Rules Engine Daemon
-After=syslog.target
-
-[Service]
-Type=forking
-EnvironmentFile=-/etc/sysconfig/cgred
-ExecStart=/usr/sbin/cgrulesengd $OPTIONS
-
-[Install]
-WantedBy=multi-user.target

cgred.sysconfig

@@ -1,2 +0,0 @@
-# cgrulesengd command line options. See cgrulesengd(8).
-OPTIONS="-s -g cgred"

libcgroup-0.37-chmod.patch

@@ -0,0 +1,31 @@
+diff -up libcgroup-0.41/src/api.c.chmod libcgroup-0.41/src/api.c
+--- libcgroup-0.41/src/api.c.chmod	2014-01-13 15:05:56.000000000 +0100
++++ libcgroup-0.41/src/api.c	2014-01-13 20:41:55.255577622 +0100
+@@ -153,6 +153,10 @@ static int cg_chown_file(FTS *fts, FTSEN
+ 	return ret;
+ }
+ 
++int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode,
++	int dirm_change, mode_t file_mode, int filem_change,
++	int owner_is_umask);
++
+ /*
+  * TODO: Need to decide a better place to put this function.
+  */
+@@ -160,6 +164,8 @@ static int cg_chown_recursive(char **pat
+ {
+ 	int ret = 0;
+ 	FTS *fts;
++	/* mode 664 */
++	mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
+ 
+ 	cgroup_dbg("chown: path is %s\n", *path);
+ 	fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR |
+@@ -177,6 +183,7 @@ static int cg_chown_recursive(char **pat
+ 			cgroup_warn("Warning: fts_read failed\n");
+ 			break;
+ 		}
++		cg_chmod_file(fts, ent, mode, 0, mode, 1, 1);
+ 		ret = cg_chown_file(fts, ent, owner, group);
+ 	}
+ 	fts_close(fts);

libcgroup-0.40.rc1-coverity.patch

@@ -0,0 +1,99 @@
+diff -up libcgroup-0.41/src/api.c.coverity libcgroup-0.41/src/api.c
+--- libcgroup-0.41/src/api.c.coverity	2014-01-13 20:52:49.853838149 +0100
++++ libcgroup-0.41/src/api.c	2014-01-13 20:52:49.854838142 +0100
+@@ -2791,7 +2791,6 @@ static int cgroup_create_template_group(
+ 	if (group_name == NULL) {
+ 		ret = ECGOTHER;
+ 		last_errno = errno;
+-		free(template_name);
+ 		goto end;
+ 	}
+ 
+diff -up libcgroup-0.41/src/config.c.coverity libcgroup-0.41/src/config.c
+--- libcgroup-0.41/src/config.c.coverity	2014-01-13 15:05:56.000000000 +0100
++++ libcgroup-0.41/src/config.c	2014-01-13 20:52:49.854838142 +0100
+@@ -323,7 +323,7 @@ int config_group_task_perm(char *perm_ty
+ 	long val = atoi(value);
+ 	char buffer[CGROUP_BUFFER_LEN];
+ 	struct cgroup *config_cgroup;
+-	int table_index;
++	int table_index, ret;
+ 
+ 	switch (flag) {
+ 	case CGROUP:
+@@ -367,10 +367,10 @@ int config_group_task_perm(char *perm_ty
+ 			if (!group)
+ 				goto group_task_error;
+ 
+-			getgrnam_r(value, group, buffer,
++			ret = getgrnam_r(value, group, buffer,
+ 					CGROUP_BUFFER_LEN, &group_buffer);
+ 
+-			if (group_buffer == NULL) {
++			if (ret != 0 || group_buffer == NULL) {
+ 				free(group);
+ 				goto group_task_error;
+ 			}
+@@ -436,7 +436,7 @@ int config_group_admin_perm(char *perm_t
+ 	struct cgroup *config_cgroup;
+ 	long val = atoi(value);
+ 	char buffer[CGROUP_BUFFER_LEN];
+-	int table_index;
++	int table_index, ret;
+ 
+ 	switch (flag) {
+ 	case CGROUP:
+@@ -479,10 +479,10 @@ int config_group_admin_perm(char *perm_t
+ 			if (!group)
+ 				goto admin_error;
+ 
+-			getgrnam_r(value, group, buffer,
++			ret = getgrnam_r(value, group, buffer,
+ 					CGROUP_BUFFER_LEN, &group_buffer);
+ 
+-			if (group_buffer == NULL) {
++			if (ret != 0 || group_buffer == NULL) {
+ 				free(group);
+ 				goto admin_error;
+ 			}
+diff -up libcgroup-0.41/src/daemon/cgrulesengd.c.coverity libcgroup-0.41/src/daemon/cgrulesengd.c
+--- libcgroup-0.41/src/daemon/cgrulesengd.c.coverity	2014-01-13 15:05:56.000000000 +0100
++++ libcgroup-0.41/src/daemon/cgrulesengd.c	2014-01-13 20:52:49.854838142 +0100
+@@ -646,7 +646,7 @@ close:
+ 
+ static int cgre_create_netlink_socket_process_msg(void)
+ {
+-	int sk_nl = 0, sk_unix = 0, sk_max;
++	int sk_nl = -1, sk_unix = -1, sk_max;
+ 	struct sockaddr_nl my_nla;
+ 	char buff[BUFF_SIZE];
+ 	int rc = -1;
+@@ -784,9 +784,9 @@ static int cgre_create_netlink_socket_pr
+ 	}
+ 
+ close_and_exit:
+-	if (sk_nl > 0)
++	if (sk_nl > -1)
+ 		close(sk_nl);
+-	if (sk_unix > 0)
++	if (sk_unix > -1)
+ 		close(sk_unix);
+ 	return rc;
+ }
+diff -upr libcgroup-0.40.rc1.orig/src/tools/lscgroup.c libcgroup-0.40.rc1/src/tools/lscgroup.c
+--- libcgroup-0.40.rc1.orig/src/tools/lscgroup.c	2013-05-21 15:36:04.000000000 +0200
++++ libcgroup-0.40.rc1/src/tools/lscgroup.c	2013-11-04 14:26:53.400473523 +0100
+@@ -97,11 +97,11 @@ static int display_controller_data(char
+ 	if (ret != 0)
+ 		return ret;
+ 
+-	strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX);
++	strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX - 1);
+ 	/* remove problematic  '/' characters from cgroup directory path*/
+ 	trim_filepath(cgroup_dir_path);
+ 
+-	strncpy(input_dir_path, input_path, FILENAME_MAX);
++	strncpy(input_dir_path, input_path, FILENAME_MAX - 1);
+ 
+ 	/* remove problematic  '/' characters from input directory path*/
+ 	trim_filepath(input_dir_path);

libcgroup-0.40.rc1-fread.patch

@@ -0,0 +1,49 @@
+diff -up libcgroup-0.41/src/api.c.fread libcgroup-0.41/src/api.c
+--- libcgroup-0.41/src/api.c.fread	2014-01-13 21:01:32.067067615 +0100
++++ libcgroup-0.41/src/api.c	2014-01-13 21:01:32.070067594 +0100
+@@ -2232,29 +2232,29 @@ static int cg_rd_ctrl_file(const char *s
+ 					const char *file, char **value)
+ {
+ 	char path[FILENAME_MAX];
+-	FILE *ctrl_file = NULL;
+-	int ret;
++	int ctrl_file = -1;
++	ssize_t ret;
+ 
+ 	if (!cg_build_path_locked(cgroup, path, subsys))
+ 		return ECGFAIL;
+ 
+ 	strncat(path, file, sizeof(path) - strlen(path));
+-	ctrl_file = fopen(path, "re");
+-	if (!ctrl_file)
++	ctrl_file = open(path, O_RDONLY | O_CLOEXEC);
++	if (ctrl_file < 0)
+ 		return ECGROUPVALUENOTEXIST;
+ 
+ 	*value = calloc(CG_VALUE_MAX, 1);
+ 	if (!*value) {
+-		fclose(ctrl_file);
++		close(ctrl_file);
+ 		last_errno = errno;
+ 		return ECGOTHER;
+ 	}
+ 
+ 	/*
+-	 * using %as crashes when we try to read from files like
++	 * using %as or fread crashes when we try to read from files like
+ 	 * memory.stat
+ 	 */
+-	ret = fread(*value, 1, CG_VALUE_MAX-1, ctrl_file);
++	ret = read(ctrl_file, *value, CG_VALUE_MAX-1);
+ 	if (ret < 0) {
+ 		free(*value);
+ 		*value = NULL;
+@@ -2264,7 +2264,7 @@ static int cg_rd_ctrl_file(const char *s
+ 			(*value)[ret-1] = '\0';
+ 	}
+ 
+-	fclose(ctrl_file);
++	close(ctrl_file);
+ 
+ 	return 0;
+ }

libcgroup-0.40.rc1-templates-fix.patch

@@ -0,0 +1,16 @@
+diff -up libcgroup-0.41/src/api.c.templates-fix libcgroup-0.41/src/api.c
+--- libcgroup-0.41/src/api.c.templates-fix	2014-01-13 21:04:36.933747000 +0100
++++ libcgroup-0.41/src/api.c	2014-01-13 21:16:44.478580105 +0100
+@@ -2974,10 +2974,10 @@ int cgroup_change_cgroup_flags(uid_t uid
+ 						available, "%d", pid);
+ 					break;
+ 				case 'p':
+-					if(procname) {
++					if(procname && strlen(basename(procname))) {
+ 						written = snprintf(newdest + j,
+ 							available, "%s",
+-							procname);
++							basename(procname));
+ 					} else {
+ 						written = snprintf(newdest + j,
+ 							available, "%d", pid);

libcgroup.spec

@@ -1,19 +1,22 @@
 %global soversion_major 1
-%global soversion 1.0.38
+%global soversion 1.0.41
+%global _hardened_build 1
 
 Summary: Library to control and monitor control groups
 Name: libcgroup
-Version: 0.38
-Release: 7%{?dist}
+Version: 0.41
+Release: 1%{?dist}
 License: LGPLv2+
 Group: Development/Libraries
 URL: http://libcg.sourceforge.net/
 Source0: http://downloads.sourceforge.net/libcg/%{name}-%{version}.tar.bz2
 Source1: cgconfig.service
-Source2: cgred.service
-Source3: cgred.sysconfig
 
 Patch0: fedora-config.patch
+Patch1: libcgroup-0.37-chmod.patch
+Patch2: libcgroup-0.40.rc1-coverity.patch
+Patch3: libcgroup-0.40.rc1-fread.patch
+Patch4: libcgroup-0.40.rc1-templates-fix.patch
 
 BuildRequires: byacc, coreutils, flex, pam-devel, systemd-units
 Requires(pre): shadow-utils
@@ -54,12 +57,17 @@ future allow creation of persistent configuration for control groups and
 provide scripts to manage that configuration.
 
 %prep
-%setup -q
+%setup  -q  -n %{name}-%{version}
 %patch0 -p1 -b .config-patch
+%patch1 -p1 -b .chmod
+%patch2 -p1 -b .coverity
+%patch3 -p1 -b .fread
+%patch4 -p1 -b .templates-fix
 
 %build
 %configure --enable-pam-module-dir=%{_libdir}/security \
-           --enable-opaque-hierarchy="name=systemd"
+           --enable-opaque-hierarchy="name=systemd" \
+           --disable-daemon
 make %{?_smp_mflags}
 
 %install
@@ -68,7 +76,6 @@ make DESTDIR=$RPM_BUILD_ROOT install
 # install config files
 install -d ${RPM_BUILD_ROOT}%{_sysconfdir}
 install -m 644 samples/cgconfig.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgconfig.conf
-install -m 644 samples/cgrules.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgrules.conf
 install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT/%{_sysconfdir}/cgsnapshot_blacklist.conf
 
 # sanitize pam module, we need only pam_cgroup.so
@@ -77,53 +84,49 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.la $RPM_BUILD_ROOT/%{_libdir
 
 rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgred.conf.5*
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man5/cgrules.conf.5*
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/cgrulesengd.8*
+
 # install unit and sysconfig files
 install -d ${RPM_BUILD_ROOT}%{_unitdir}
 install -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir}/
-install -m 644 %SOURCE2 ${RPM_BUILD_ROOT}%{_unitdir}/
 install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
-install -m 644 %SOURCE3 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/cgred
+
+%pre
+getent group cgred >/dev/null || groupadd -r cgred
 
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
-%pre tools
-getent group cgred >/dev/null || groupadd -r cgred
-
 %post tools
-%systemd_post cgconfig.service cgred.service
+%systemd_post cgconfig.service
 
 %preun tools
-%systemd_preun cgconfig.service cgred.service
+%systemd_preun cgconfig.service
 
 %postun tools
-%systemd_postun_with_restart cgconfig.service cgred.service
+%systemd_postun_with_restart cgconfig.service
 
 %triggerun -- libcgroup < 0.38
 # Save the current service runlevel info
-# User must manually run systemd-sysv-convert --apply cgconfig/cgred
+# User must manually run systemd-sysv-convert --apply cgconfig
 # to migrate them to systemd targets
 /usr/bin/systemd-sysv-convert --save cgconfig >/dev/null 2>&1 ||:
-/usr/bin/systemd-sysv-convert --save cgred >/dev/null 2>&1 ||:
 
 # Run these because the SysV package being removed won't do them
 /sbin/chkconfig --del cgconfig >/dev/null 2>&1 || :
 /bin/systemctl try-restart cgconfig.service >/dev/null 2>&1 || :
-/sbin/chkconfig --del cgred >/dev/null 2>&1 || :
-/bin/systemctl try-restart cgred.service >/dev/null 2>&1 || :
 
 %files
 %doc COPYING README
 %{_libdir}/libcgroup.so.*
 
 %files tools
-%doc COPYING README README_daemon README_systemd
+%doc COPYING README README_systemd
 %config(noreplace) %{_sysconfdir}/cgconfig.conf
-%config(noreplace) %{_sysconfdir}/cgrules.conf
 %config(noreplace) %{_sysconfdir}/cgsnapshot_blacklist.conf
-%config(noreplace) %{_sysconfdir}/sysconfig/cgred
-/usr/bin/cgclassify
 /usr/bin/cgcreate
 /usr/bin/cgget
 /usr/bin/cgset
@@ -131,15 +134,14 @@ getent group cgred >/dev/null || groupadd -r cgred
 /usr/bin/lscgroup
 /usr/bin/lssubsys
 /usr/sbin/cgconfigparser
-/usr/sbin/cgrulesengd
 /usr/sbin/cgclear
 /usr/bin/cgsnapshot
 %attr(2755, root, cgred) /usr/bin/cgexec
+%attr(2755, root, cgred) /usr/bin/cgclassify
 %attr(0644, root, root) %{_mandir}/man1/*
 %attr(0644, root, root) %{_mandir}/man5/*
 %attr(0644, root, root) %{_mandir}/man8/*
 %{_unitdir}/cgconfig.service
-%{_unitdir}/cgred.service
 
 %files pam
 %doc COPYING README
@@ -153,6 +155,12 @@ getent group cgred >/dev/null || groupadd -r cgred
 %{_libdir}/pkgconfig/libcgroup.pc
 
 %changelog
+* Tue Jan 14 2014 Peter Schiffer <pschiffe@redhat.com> 0.41-1
+- resolves: #966008
+  updated to 0.41
+- removed deprecated cgred service
+  please use Control Group Interface in Systemd instead
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.38-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 

sources

@@ -1 +1 @@
-f0f7d4060bf36ccc19d75dbf4f1695db  libcgroup-0.38.tar.bz2
+3dea9d50b8a5b73ff0bf1cdcb210f63f  libcgroup-0.41.tar.bz2