From 0b8fd22b2c499c47c3d3fa8a01071186db0d7538 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Mon, 29 Feb 2016 17:46:06 -0800 Subject: [PATCH 1/2] libpam_cgm: do handle the name=systemd controller It's required if we want to run systemd in a container. Signed-off-by: Serge Hallyn --- pam/pam_cgm.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pam/pam_cgm.c b/pam/pam_cgm.c index 1e6ce80..ea08d79 100644 --- a/pam/pam_cgm.c +++ b/pam/pam_cgm.c @@ -4,9 +4,8 @@ * Author: Serge Hallyn * * When a user logs in, this pam module will create cgroups which - * the user may administer, for all controllers except name=systemd, - * or for any controllers listed on the command line (if any are - * listed). + * the user may administer, for any controllers listed on the command + * line or, if none are listed, then all available controllers. * * The cgroup created will be "user/$user/0" for the first session, * "user/$user/1" for the second, etc. @@ -62,8 +61,6 @@ static void get_active_controllers(void) return; } for (i = 0; list[i]; i++) { - if (strcmp(list[i], "name=systemd") == 0) - continue; NIH_MUST( nih_strcat_sprintf(&ctrl_list, NULL, "%s%s", ctrl_list ? "," : "", list[i]) ); } From 832f678d1f88ad3d4161650c5bc56177bdf32c85 Mon Sep 17 00:00:00 2001 From: Serge Hallyn Date: Mon, 29 Feb 2016 17:50:45 -0800 Subject: [PATCH 2/2] libpam-cgm: handle comounts When checking whether a controller is in a list, we need to accept that the controller may also be a list. Signed-off-by: Serge Hallyn --- pam/pam_cgm.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/pam/pam_cgm.c b/pam/pam_cgm.c index ea08d79..ad5d4fa 100644 --- a/pam/pam_cgm.c +++ b/pam/pam_cgm.c 
@@ -68,10 +68,18 @@ static void get_active_controllers(void) static bool is_in_list(char *which, char **list) { int i; + size_t wlen = strlen(which); for (i = 0; list[i]; i++) { - if (strcmp(which, list[i]) == 0) - return true; + char *o = list[i]; + while (o) { + char *p = index(o, ','); + size_t len = p ? p - o : strlen(o); + + if (len == wlen && strncmp(o, which, wlen) == 0) + return true; + o = p ? p + 1 : NULL; + } } return false; } @@ -188,8 +196,14 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, mysyslog(LOG_ERR, "Failed to connect to cgmanager\n"); return PAM_SESSION_ERR; } - if (argc > 1 && strcmp(argv[0], "-c") == 0) + if (argc > 1 && strcmp(argv[0], "-c") == 0) { ctrl_list = validate_and_dup(argv[1]); + if (!ctrl_list) { + cgm_dbus_disconnect(); + mysyslog(LOG_ERR, "PAM-CGM: bad controller arguments\n"); + return PAM_SESSION_ERR; + } + } if (!ctrl_list) get_active_controllers(); cgm_escape();
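Review bot: In the new is_in_list() loop only the entries of `list` are split on commas, while `which` is still compared whole. A `which` that is itself a co-mounted name such as `cpu,cpuacct` matched its identical entry under the old `strcmp` and now matches nothing. The callers are outside this hunk, so this may be fine if they always pass a single controller name, but the contract should be stated above the function, e.g. `/* which must be a single controller name; entries of list may be comma-joined co-mounts */`. An empty `which` also matches any empty segment (an entry with a trailing or doubled comma), because `len == wlen` holds at zero and `strncmp(o, which, 0)` returns 0; returning false when `wlen == 0` closes that. As a style point, `index()` is a legacy function and `char *p = strchr(o, ',');` is the portable spelling.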
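Review bot: A module line with `-c` as its only argument still falls through to `get_active_controllers()`, because the `argc > 1` test skips the whole branch. The new fail-closed path covers a rejected list but not a missing one, so a truncated configuration silently selects every active controller instead of returning an error. Consider a guard before this check, e.g. `if (argc == 1 && strcmp(argv[0], "-c") == 0)`, followed by the same `cgm_dbus_disconnect();` and `return PAM_SESSION_ERR;` sequence with its own log line. Whether `validate_and_dup()` also returns NULL on allocation failure is not visible here; if it does, the message "bad controller arguments" would mislead whoever reads the log. pam_sm_open_session starts and ends outside this hunk.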