!58 解决libcgroup工具无法挂载多个controller到同一挂载点的问题

From: @lipengyu001 
Reviewed-by: @yangzhao_kl 
Signed-off-by: @yangzhao_kl

0006-Paralell-build-fix-7.patch

@@ -0,0 +1,42 @@
+From f3932c268e3fd599866560f4f037df1fab50d581 Mon Sep 17 00:00:00 2001
+From: Koji Builder <koji@dummy.lan>
+Date: Sat, 11 Jul 2020 16:22:48 +0100
+Subject: [PATCH] Paralell build fix #7
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+All source soce files which first needs to be generated needs to be listed in
+BUILT_SOURCES.
+This patch adds to that automake variable parse.c and parse.h because they are
+listed below in libcgroup_la_SOURCES.
+
+Documentetion of the BUILT_SOURCES is on:
+https://www.gnu.org/software/automake/manual/html_node/Sources.html
+
+Conflict:No
+Reference:https://github.com/libcgroup/libcgroup/commit/f3932c268e3fd599866560f4f037df1fab50d581
+
+https://github.com/libcgroup/libcgroup/issues/7
+
+Reported-by: Tomasz Kłoczko <kloczek@giithub.com>
+Signed-off-by: Tomasz Kłoczko <kloczek@giithub.com>
+---
+ src/Makefile.am | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 9fc965b..9de4822 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,5 +1,7 @@
+ @CODE_COVERAGE_RULES@
+ 
++BUILT_SOURCES = parse.c parse.h
++
+ if WITH_BINDINGS
+ BINDINGS_SUBDIR = bindings
+ endif
+-- 
+2.43.0
+

Add-support-for-multiple-controllers-on-same-mount-point.patch

@@ -0,0 +1,73 @@
+From 1baa067a84d5f6e1ee00bf512f917aa8cd15d275 Mon Sep 17 00:00:00 2001
+From: lipengyu <lipengyu@kylinos.cn>
+Date: Fri, 6 Dec 2024 15:20:22 +0800
+Subject: [PATCH] Add-support-for-multipe-controllers-on-same-mount-point
+
+---
+ src/config.c | 29 ++++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/config.c b/src/config.c
+index 3ffa263..734f267 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -625,6 +625,22 @@ void cgroup_config_cleanup_namespace_table(void)
+ 			sizeof(struct cg_mount_table_s) * CG_CONTROLLER_MAX);
+ }
+ 
++static int is_valid_controller(char *ctrl)
++{
++	int i;
++
++	static const char *ctrl_list[] = { "blkio", "cpu", "cpuacct", "cpuset", "devices",
++					"freezer", "hugetlb", "memory", "misc", "net_cls",
++					"net_prio", "perf_event", "pids", "rdma", NULL };
++
++	for (i = 0; ctrl_list[i]; i++) {
++		if (strncmp(ctrl, ctrl_list[i], strlen(ctrl_list[i])) == 0)
++			return 1;
++	}
++
++	return 0;
++}
++
+ /**
+  * Add necessary options for mount. Currently only 'none' option is added
+  * for mounts with only 'name=xxx' and without real controller.
+@@ -653,6 +669,9 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 					break;
+ 				strncpy(mount->name, controller, sizeof(mount->name));
+ 				mount->name[sizeof(mount->name)-1] = '\0';
++				free(controller);
++				token = strtok_r(NULL, ",", &save);
++				continue;				
+ 			}
+ 
+ 			if (strncmp(token, "nodev", strlen("nodev")) == 0) {
+@@ -665,6 +684,15 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 				*flags |= MS_NOSUID;
+ 			}
+ 
++			if (is_valid_controller(token)) {
++				controller = strdup(token);
++				if (controller == NULL)
++					break;
++				strncat(mount->name, ",", FILENAME_MAX - strlen(mount->name)-1);
++				strncat(mount->name, controller, FILENAME_MAX - strlen(mount->name) - 1);
++				free(controller);
++			}			
++
+ 		} else if (!name_only) {
+ 			/*
+ 			 * We have controller + name=, do the right thing, since
+@@ -677,7 +705,6 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 		token = strtok_r(NULL, ",", &save);
+ 	}
+ 
+-	free(controller);
+ 	free(opts);
+ 
+ 	if (name_only) {
+-- 
+2.25.1
+

libcgroup.spec

@@ -5,7 +5,7 @@
 Summary: Libcgroup is a library that abstracts the control group file system in Linux
 Name: libcgroup
 Version: 0.42.2
-Release: 2
+Release: 6
 License: LGPLv2+
 URL: http://libcg.sourceforge.net/
 Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz
@@ -18,6 +18,9 @@ Patch1: libcgroup-0.37-chmod.patch
 Patch2: libcgroup-0.40.rc1-coverity.patch
 Patch3: libcgroup-0.40.rc1-fread.patch
 Patch4: libcgroup-0.40.rc1-templates-fix.patch
+Patch5: pam-cgroup-cgflags-no-usecache.patch
+Patch6: 0006-Paralell-build-fix-7.patch
+Patch7: Add-support-for-multiple-controllers-on-same-mount-point.patch
 
 BuildRequires: autoconf, automake, libtool
 BuildRequires: gcc,gcc-c++,byacc
@@ -50,11 +53,18 @@ It provides helpful information for libcgroup-pam,libcgroup-devel,libcgroup-tool
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
 
 %build
 autoreconf -vif
 %configure --enable-pam-module-dir=%{_libdir}/security --enable-opaque-hierarchy="name=systemd" --disable-daemon
+%ifarch sw_64
+make
+%else
 make %{?_smp_mflags}
+%endif
 
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
@@ -63,6 +73,7 @@ make DESTDIR=$RPM_BUILD_ROOT install
 install -d ${RPM_BUILD_ROOT}%{_sysconfdir}
 install -d ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
 install -m 644 samples/cgconfig.conf $RPM_BUILD_ROOT%{_sysconfdir}/cgconfig.conf
+install -m 644 samples/cgrules.conf $RPM_BUILD_ROOT%{_sysconfdir}/cgrules.conf
 install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT%{_sysconfdir}/cgsnapshot_blacklist.conf
 
 # Only one pam_cgroup.so is needed
@@ -104,6 +115,7 @@ getent group cgred >/dev/null || groupadd -r cgred
 %{_libdir}/libcgroup.so.*
 %config(noreplace) %{_sysconfdir}/cgsnapshot_blacklist.conf
 %config(noreplace) %{_sysconfdir}/cgconfig.conf
+%config(noreplace) %{_sysconfdir}/cgrules.conf
 /usr/bin/cgget
 /usr/bin/cgset
 /usr/bin/cgcreate
@@ -134,6 +146,30 @@ getent group cgred >/dev/null || groupadd -r cgred
 %attr(0644, root, root) %{_mandir}/man8/*
 
 %changelog
+* Tue Nov 26 2024 lipengyu <lipengyu@kylinos.cn> - 0.42.2-6
+- Type: upadte
+- Id:NA
+- SUG:NA
+- DESC:Add support for multiple controllers on same mount point
+
+* Wed Dec 04 2024 liuxu <liuxu156@huawei.com> - 0.42.2-5
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Paralell build fix
+
+* Tue Oct 24 2023 wanfeng<wanfeng@kylinos.cn> - 0.42.2-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:modify the mode of read rules for pam_cgroup
+
+* Thu Nov 3 2022 wuzx<wuzx1226@qq.com> - 0.42.2-3
+- Type:feature
+- CVE:NA
+- SUG:NA
+- DESC:Add sw64 architecture
+
 * Thu May 5 2022 wangfengtu<wangfengtu@huawei.com> - 0.42.2-2
 - Type: upgrade
 - Id:NA

pam-cgroup-cgflags-no-usecache.patch

@@ -0,0 +1,26 @@
+diff --git a/include/libcgroup/tasks.h b/include/libcgroup/tasks.h
+index aad438a..22f17d8 100644
+--- a/include/libcgroup/tasks.h
++++ b/include/libcgroup/tasks.h
+@@ -20,6 +20,8 @@ enum cgflags {
+ 	CGFLAG_USECACHE = 0x01,
+ 	/** Use cached templates, do not read templates from disk. */
+ 	CGFLAG_USE_TEMPLATE_CACHE = 0x02,
++	/** read rules from disk. */
++	CGFLAG_NOUSECACHE = 0x04,
+ };
+ 
+ /** Flags for cgroup_register_unchanged_process(). */
+diff --git a/src/pam/pam_cgroup.c b/src/pam/pam_cgroup.c
+index 1d78b81..fb427b4 100644
+--- a/src/pam/pam_cgroup.c
++++ b/src/pam/pam_cgroup.c
+@@ -138,7 +138,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
+ 	 * under what egid service will be provided?
+ 	 */
+ 	ret = cgroup_change_cgroup_uid_gid_flags(pwd->pw_uid,
+-		pwd->pw_gid, pid, CGFLAG_USECACHE);
++		pwd->pw_gid, pid, CGFLAG_NOUSECACHE);
+ 	if (ret) {
+ 		if (ctrl & PAM_DEBUG_ARG)
+ 			pam_syslog(pamh, LOG_ERR, "Change of cgroup for process"