Re: Pam module seems to have an issue with priority

[Noah McNallie <njm@xxxxxxx>]

I find this to be a problem with the /CGFLAG_USECACHE flag which I will 
patch on my machine to test. Correct me if I'm wrong./

/Noah J. McNallie
/

On 7/6/2016 5:26 PM, Noah McNallie wrote:
> Hi, I'm trying to use cgroups for cron and su and ssh login so I added 
> the following in 'system-auth' which they all include gentoo:
>
> session         required        pam_cgroup.so debug
>
> My cgconfig.conf looks as follows:
>
> #
> #  Copyright IBM Corporation. 2007
> #
> #  Authors:     Balbir Singh <balbir@xxxxxxxxxxxxxxxxxx>
> #  This program is free software; you can redistribute it and/or 
> modify it
> #  under the terms of version 2.1 of the GNU Lesser General Public 
> License
> #  as published by the Free Software Foundation.
> #
> #  This program is distributed in the hope that it would be useful, but
> #  WITHOUT ANY WARRANTY; without even the implied warranty of
> #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> #
> mount {
>     cpuset  = /sys/fs/cgroup/cpuset;
>     cpu     = /sys/fs/cgroup/cpu;
>     cpuacct = /sys/fs/cgroup/cpuacct;
>     memory  = /sys/fs/cgroup/memory;
> }
>
> group users/alex {
>          perm {
>          task {
>              uid = alex;
>              gid = alex;
>           } admin {
>              uid = root;
>              gid = root;
>           }
>         }
>         cpu {
>                 cpu.shares = 100;
>         }
>         memory {
>                 memory.limit_in_bytes = 134217728;
>         }
> }
>
> -- END --
>
> And my cgrules.conf looks like this:
>
> # /etc/cgrules.conf
> #The format of this file is described in cgrules.conf(5)
> #manual page.
> #
> # Example:
> #<user>         <controllers>   <destination>
> #@student       cpu,memory      usergroup/student/
> #peter          cpu             test1/
> #%              memory          test2/
> # End of file
> alex            cpu,memory      users/alex
>
> -- END --
>
> Now when I su to user alex I see this in /var/log/messages:
>
> Jul  6 17:18:03 atlantic su[5583]: pam_cgroup(su:session): Changed 
> cgroup for process 5583  with username alex.
>
> -- END --
>
> Except that pid is not in users/alex/tasks its in some task files 
> related to openrc and it looks like the function 
> cgroup_change_cgroup_uid_gid_flags is not doing a proper change:
>
> [alex@xxxxxxxxxxxx][/sys/fs/cgroup]# ls
> blkio  cpu  cpuacct  cpuset  memory  net_cls  openrc
> [alex@xxxxxxxxxxxx][/sys/fs/cgroup]# find ./ -name tasks | xargs grep 
> 5583
> ./net_cls/tasks:5583
> ./memory/tasks:5583
> ./blkio/tasks:5583
> ./cpuacct/tasks:5583
> ./cpu/openrc_sshd/tasks:5583
> ./cpuset/tasks:5583
> ./openrc/sshd/tasks:5583
> [alex@xxxxxxxxxxxx][/sys/fs/cgroup]# cat memory/users/alex/tasks
> [alex@xxxxxxxxxxxx][/sys/fs/cgroup]#
>
> -- END --
>
> Why is it not in users/alex what am I doing wrong?
>
> Noah J. McNallie

--
To unsubscribe from this list: send the line "unsubscribe cgroups" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html