[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[Anthony G. Basile]

commit:     a8cc51c8c561a5b98aa079858de05b2b869b6e76
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 16 23:09:14 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Nov 16 23:09:33 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8cc51c8

dev-libs/libcgroup: refactor the init scripts.

Thanks tokiclover <AT> eclipso.email

Package-Manager: portage-2.2.20.1

 dev-libs/libcgroup/files/cgconfig.confd-r1  |  7 +++
 dev-libs/libcgroup/files/cgconfig.initd-r1  | 53 +++++++++++++++++
 dev-libs/libcgroup/files/cgred.confd-r1     |  5 ++
 dev-libs/libcgroup/files/cgred.initd-r1     | 24 ++++++++
 dev-libs/libcgroup/libcgroup-0.41-r3.ebuild | 92 +++++++++++++++++++++++++++++
 5 files changed, 181 insertions(+)

diff --git a/dev-libs/libcgroup/files/cgconfig.confd-r1 b/dev-libs/libcgroup/files/cgconfig.confd-r1
new file mode 100644
index 0000000..334958e
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgconfig.confd-r1
@@ -0,0 +1,7 @@
+# /etc/conf.d/cgconfig: config file for /etc/init.d/cgconfig
+
+# Configuration file location
+CG_CONFIGFILE=/etc/cgroup/cgconfig.conf
+
+# Enable calssifying pid according to rules if necessary
+CG_CLASSIFY=No

diff --git a/dev-libs/libcgroup/files/cgconfig.initd-r1 b/dev-libs/libcgroup/files/cgconfig.initd-r1
new file mode 100644
index 0000000..f10d994
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgconfig.initd-r1
@@ -0,0 +1,53 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /etc/init.d/cgconfig,v 1.1 2015/02/18 09:53:59 tokiclover Exp $
+
+CGCONFIGPARSER="/usr/sbin/cgconfigparser"
+CGCLASSIFY="/usr/sbin/cgclassify"
+:	${CG_CONFIGFILE:=/etc/cgroup/cgconfig.conf}
+description="Control Group Configuration Service"
+
+start()
+{
+	ebegin "Setting up CGroups"
+	${CGCONFIGPARSER} --load=${CG_CONFIGFILE} >/dev/null 2>&1
+	eend "$?"
+}
+
+start_post()
+{
+	# Classify PID according to the rules if requested
+	yesno "${CG_CLASSIFY}" || return 0
+	ebegin "Classifying PID to CGroups"
+	local pid
+	for pid in $(ps --no-headers -eL o tid); do
+		 ${CGCLASSIFY} ${pid}
+	done
+	eend "$?"
+}
+
+stop()
+{
+	cgconfig_umount
+}
+
+cgconfig_umount()
+{
+	local ctrl eq mnt_pnt mnt_pts
+
+	while read ctrl eq mnt_pnt; do
+		case "${ctrl}" in
+			(\#*)    continue    ;;
+			(mount*) mnt_pts=true;;
+			(\}*)    mnt_pts=    ;;
+			(*)
+				[ -n "${mnt_pts}" ] || continue
+				mnt_pnt="${mnt_pnt%;}"
+				ebegin "Unmounting ${mnt_pnt}"
+				umount "${mnt_pnt}"
+				eend "$?"
+				;;
+		esac
+	done < "${CG_CONFIGFILE}"
+}

diff --git a/dev-libs/libcgroup/files/cgred.confd-r1 b/dev-libs/libcgroup/files/cgred.confd-r1
new file mode 100644
index 0000000..e351434
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgred.confd-r1
@@ -0,0 +1,5 @@
+# /etc/conf.d/cgred.conf: config file for /etc/init.d/cgred
+
+# Options to pass to cgrulesengd;
+# See the cgrulesengd(8) man page for more info.
+CGRED_OPTS=""

diff --git a/dev-libs/libcgroup/files/cgred.initd-r1 b/dev-libs/libcgroup/files/cgred.initd-r1
new file mode 100644
index 0000000..85cbb05
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgred.initd-r1
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /etc/init.d/cgred,v 1.1 2015/02/14 09:53:59 tokiclover Exp $
+
+command="/usr/sbin/cgrulesengd"
+command_args="${CGRED_OPTS}"
+command_background="1"
+pidfile="/var/run/cgred.pid"
+description="CGroups Rules Engine Daemon"
+extra_started_commands="reload"
+
+depend()
+{
+	need cgconfig
+	use logger
+}
+
+reload()
+{
+	ebegin "Reloading CGroup Rules Engine Daemon"
+	kill -USR2 $(cat "${pidfile}")
+	eend $?
+}

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild
new file mode 100644
index 0000000..23304ad
--- /dev/null
+++ b/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit autotools eutils flag-o-matic linux-info pam
+
+DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
+HOMEPAGE="http://libcg.sourceforge.net/"
+SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="+daemon elibc_musl debug pam static-libs +tools"
+
+RDEPEND="pam? ( virtual/pam )"
+
+DEPEND="
+	${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	elibc_musl? ( sys-libs/fts-standalone )
+	"
+REQUIRED_USE="daemon? ( tools )"
+
+DOCS=(README_daemon README README_systemd INSTALL)
+pkg_setup() {
+	local CONFIG_CHECK="~CGROUPS"
+	if use daemon; then
+		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
+	fi
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-replace_DECLS.patch
+	epatch "${FILESDIR}"/${P}-replace_INLCUDES.patch
+	epatch "${FILESDIR}"/${P}-reorder-headers.patch
+
+	# Change rules file location
+	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
+		-i src/pam/Makefile.am || die "sed failed"
+	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
+
+	eautoreconf
+}
+
+src_configure() {
+	local my_conf
+
+	if use pam; then
+		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
+	fi
+
+	use elibc_musl && append-ldflags "-lfts"
+	econf \
+		$(use_enable static-libs static) \
+		$(use_enable daemon) \
+		$(use_enable debug) \
+		$(use_enable pam) \
+		$(use_enable tools) \
+		${my_conf}
+}
+
+src_test() {
+	# Use mount cgroup to build directory
+	# sandbox restricted to trivial build,
+	# possible kill Diego tanderbox ;)
+	true
+}
+
+src_install() {
+	default
+	prune_libtool_files --all
+
+	insinto /etc/cgroup
+	doins samples/*.conf || die
+
+	if use tools; then
+		newconfd "${FILESDIR}"/cgconfig.confd-r1 cgconfig || die
+		newinitd "${FILESDIR}"/cgconfig.initd-r1 cgconfig || die
+	fi
+
+	if use daemon; then
+		newconfd "${FILESDIR}"/cgred.confd-r1 cgred || die
+		newinitd "${FILESDIR}"/cgred.initd-r1 cgred || die
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[Anthony G. Basile]

commit:     b2d6d5c661e5c5031a41f085404e8d01fa9e60a3
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 12 23:47:12 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 23:49:47 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2d6d5c6

dev-libs/libcgroup: fix cgred service, bug #584962

Thanks Nicolas Porcel <nicolas06600 <AT> yahoo.fr>

Package-Manager: portage-2.2.28

 dev-libs/libcgroup/files/cgred.confd-r2     |  5 ++
 dev-libs/libcgroup/libcgroup-0.41-r4.ebuild | 93 +++++++++++++++++++++++++++++
 2 files changed, 98 insertions(+)

diff --git a/dev-libs/libcgroup/files/cgred.confd-r2 b/dev-libs/libcgroup/files/cgred.confd-r2
new file mode 100644
index 0000000..cdc7a7c
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgred.confd-r2
@@ -0,0 +1,5 @@
+# /etc/conf.d/cgred.conf: config file for /etc/init.d/cgred
+
+# Options to pass to cgrulesengd;
+# See the cgrulesengd(8) man page for more info.
+CGRED_OPTS="-n"

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r4.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r4.ebuild
new file mode 100644
index 0000000..d8a72b3
--- /dev/null
+++ b/dev-libs/libcgroup/libcgroup-0.41-r4.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit autotools eutils flag-o-matic linux-info pam
+
+DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
+HOMEPAGE="http://libcg.sourceforge.net/"
+SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
+IUSE="+daemon elibc_musl pam static-libs +tools"
+
+RDEPEND="pam? ( virtual/pam )"
+
+DEPEND="
+	${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	elibc_musl? ( sys-libs/fts-standalone )
+	"
+REQUIRED_USE="daemon? ( tools )"
+
+DOCS=(README_daemon README README_systemd INSTALL)
+pkg_setup() {
+	local CONFIG_CHECK="~CGROUPS"
+	if use daemon; then
+		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
+	fi
+	linux-info_pkg_setup
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-replace_DECLS.patch
+	epatch "${FILESDIR}"/${P}-replace_INLCUDES.patch
+	epatch "${FILESDIR}"/${P}-reorder-headers.patch
+
+	# Change rules file location
+	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:/etc/cgconfig.conf:/etc/cgroup/cgconfig.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
+		-i src/pam/Makefile.am || die "sed failed"
+	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
+
+	eautoreconf
+}
+
+src_configure() {
+	local my_conf
+
+	if use pam; then
+		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
+	fi
+
+	use elibc_musl && append-ldflags "-lfts"
+	econf \
+		$(use_enable static-libs static) \
+		$(use_enable daemon) \
+		$(use_enable pam) \
+		$(use_enable tools) \
+		${my_conf}
+}
+
+src_test() {
+	# Use mount cgroup to build directory
+	# sandbox restricted to trivial build,
+	# possible kill Diego tanderbox ;)
+	true
+}
+
+src_install() {
+	default
+	prune_libtool_files --all
+
+	insinto /etc/cgroup
+	doins samples/*.conf || die
+
+	if use tools; then
+		newconfd "${FILESDIR}"/cgconfig.confd-r1 cgconfig || die
+		newinitd "${FILESDIR}"/cgconfig.initd-r1 cgconfig || die
+	fi
+
+	if use daemon; then
+		newconfd "${FILESDIR}"/cgred.confd-r2 cgred || die
+		newinitd "${FILESDIR}"/cgred.initd-r1 cgred || die
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[Anthony G. Basile]

commit:     914b1707958ce227568068b5db2b00726d37f7ed
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 12 23:49:34 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 23:49:50 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=914b1707

dev-libs/libcgroup: remove older unstable versions

Package-Manager: portage-2.2.28

 dev-libs/libcgroup/files/cgred.confd-r1     |   5 --
 dev-libs/libcgroup/libcgroup-0.41-r2.ebuild | 106 ----------------------------
 dev-libs/libcgroup/libcgroup-0.41-r3.ebuild |  92 ------------------------
 3 files changed, 203 deletions(-)

diff --git a/dev-libs/libcgroup/files/cgred.confd-r1 b/dev-libs/libcgroup/files/cgred.confd-r1
deleted file mode 100644
index e351434..0000000
--- a/dev-libs/libcgroup/files/cgred.confd-r1
+++ /dev/null
@@ -1,5 +0,0 @@
-# /etc/conf.d/cgred.conf: config file for /etc/init.d/cgred
-
-# Options to pass to cgrulesengd;
-# See the cgrulesengd(8) man page for more info.
-CGRED_OPTS=""

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r2.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r2.ebuild
deleted file mode 100644
index ab19abc..0000000
--- a/dev-libs/libcgroup/libcgroup-0.41-r2.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit autotools eutils flag-o-matic linux-info pam
-
-DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
-HOMEPAGE="http://libcg.sourceforge.net/"
-SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
-IUSE="+daemon elibc_musl pam static-libs +tools"
-
-RDEPEND="pam? ( virtual/pam )"
-
-DEPEND="
-	${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	elibc_musl? ( sys-libs/fts-standalone )
-	"
-REQUIRED_USE="daemon? ( tools )"
-
-DOCS=(README_daemon README README_systemd INSTALL)
-pkg_setup() {
-	local CONFIG_CHECK="~CGROUPS"
-	if use daemon; then
-		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
-	fi
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-replace_DECLS.patch
-	epatch "${FILESDIR}"/${P}-replace_INLCUDES.patch
-	epatch "${FILESDIR}"/${P}-reorder-headers.patch
-
-	# Change rules file location
-	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
-		-i src/libcgroup-internal.h || die "sed failed"
-	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
-		-i src/pam/Makefile.am || die "sed failed"
-	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
-
-	eautoreconf
-}
-
-src_configure() {
-	local my_conf
-
-	if use pam; then
-		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
-	fi
-
-	use elibc_musl && append-ldflags "-lfts"
-	econf \
-		$(use_enable static-libs static) \
-		$(use_enable daemon) \
-		$(use_enable pam) \
-		$(use_enable tools) \
-		${my_conf}
-}
-
-src_test() {
-	# Use mount cgroup to build directory
-	# sandbox restricted to trivial build,
-	# possible kill Diego tanderbox ;)
-	true
-}
-
-src_install() {
-	default
-	prune_libtool_files --all
-
-	insinto /etc/cgroup
-	doins samples/*.conf || die
-
-	if use tools; then
-		newconfd "${FILESDIR}"/cgconfig.confd cgconfig || die
-		newinitd "${FILESDIR}"/cgconfig.initd cgconfig || die
-	fi
-
-	if use daemon; then
-		newconfd "${FILESDIR}"/cgred.confd cgred || die
-		newinitd "${FILESDIR}"/cgred.initd cgred || die
-	fi
-}
-
-pkg_postinst() {
-	elog "Read the kernel docs on cgroups, related schedulers, and the"
-	elog "block I/O controllers.  The Redhat Resource Management Guide"
-	elog "is also helpful.  DO NOT enable the cgroup namespace subsytem"
-	elog "if you want a custom config, rule processing, etc.  This option"
-	elog "should only be enabled for a VM environment.  The UID wildcard"
-	elog "rules seem to work only without a custom config (since wildcards"
-	elog "don't work in config blocks).  Specific user-id configs *do*"
-	elog "work, but be careful about how the mem limits add up if using"
-	elog "the memory.limit_* directives.  There should be a basic task"
-	elog "partitioning into the default group when running cgred with no"
-	elog "specific config blocks or rules (other than the mount directive)."
-	elog "See the docs for the pam module config, and as always, RTFM..."
-}

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild
deleted file mode 100644
index 23304ad..0000000
--- a/dev-libs/libcgroup/libcgroup-0.41-r3.ebuild
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit autotools eutils flag-o-matic linux-info pam
-
-DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
-HOMEPAGE="http://libcg.sourceforge.net/"
-SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~amd64 ~ppc ~ppc64 ~x86"
-IUSE="+daemon elibc_musl debug pam static-libs +tools"
-
-RDEPEND="pam? ( virtual/pam )"
-
-DEPEND="
-	${RDEPEND}
-	sys-devel/bison
-	sys-devel/flex
-	elibc_musl? ( sys-libs/fts-standalone )
-	"
-REQUIRED_USE="daemon? ( tools )"
-
-DOCS=(README_daemon README README_systemd INSTALL)
-pkg_setup() {
-	local CONFIG_CHECK="~CGROUPS"
-	if use daemon; then
-		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
-	fi
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${P}-replace_DECLS.patch
-	epatch "${FILESDIR}"/${P}-replace_INLCUDES.patch
-	epatch "${FILESDIR}"/${P}-reorder-headers.patch
-
-	# Change rules file location
-	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
-		-i src/libcgroup-internal.h || die "sed failed"
-	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
-		-i src/pam/Makefile.am || die "sed failed"
-	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
-
-	eautoreconf
-}
-
-src_configure() {
-	local my_conf
-
-	if use pam; then
-		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
-	fi
-
-	use elibc_musl && append-ldflags "-lfts"
-	econf \
-		$(use_enable static-libs static) \
-		$(use_enable daemon) \
-		$(use_enable debug) \
-		$(use_enable pam) \
-		$(use_enable tools) \
-		${my_conf}
-}
-
-src_test() {
-	# Use mount cgroup to build directory
-	# sandbox restricted to trivial build,
-	# possible kill Diego tanderbox ;)
-	true
-}
-
-src_install() {
-	default
-	prune_libtool_files --all
-
-	insinto /etc/cgroup
-	doins samples/*.conf || die
-
-	if use tools; then
-		newconfd "${FILESDIR}"/cgconfig.confd-r1 cgconfig || die
-		newinitd "${FILESDIR}"/cgconfig.initd-r1 cgconfig || die
-	fi
-
-	if use daemon; then
-		newconfd "${FILESDIR}"/cgred.confd-r1 cgred || die
-		newinitd "${FILESDIR}"/cgred.initd-r1 cgred || die
-	fi
-}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[Anthony G. Basile]

commit:     33e9f4c81de754bbf76b893ea1133ed023f2a0e5
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 23 00:17:31 2018 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Aug 23 00:17:31 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33e9f4c8

dev-libs/libcgroup: address CVE-2018-14348, bug #664324

Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libcgroup-0.41-remove-umask.patch        | 28 +++++++
 dev-libs/libcgroup/libcgroup-0.41-r5.ebuild        | 96 ++++++++++++++++++++++
 2 files changed, 124 insertions(+)

diff --git a/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch b/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch
new file mode 100644
index 00000000000..42286ae8785
--- /dev/null
+++ b/dev-libs/libcgroup/files/libcgroup-0.41-remove-umask.patch
@@ -0,0 +1,28 @@
+commit 0d88b73d189ea3440ccaab00418d6469f76fa590
+Author: Michal Hocko <mhocko@suse.com>
+Date:   Wed Jul 18 11:24:29 2018 +0200
+
+    cgrulesengd: remove umask(0)
+    
+    One of our partners has noticed that cgred daemon is creating a log file
+    (/var/log/cgred) with too wide permissions (0666) and that is seen as
+    a security bug because an untrusted user can write to otherwise
+    restricted area. CVE-2018-14348 has been assigned to this issue.
+    
+    Signed-off-by: Michal Hocko <mhocko@suse.com>
+    Acked-by: Balbir Singh <bsingharora@gmail.com>
+
+diff --git a/src/daemon/cgrulesengd.c b/src/daemon/cgrulesengd.c
+index ea51f11..0d288f3 100644
+--- a/src/daemon/cgrulesengd.c
++++ b/src/daemon/cgrulesengd.c
+@@ -889,9 +889,6 @@ int cgre_start_daemon(const char *logp, const int logf,
+ 		} else if (pid > 0) {
+ 			exit(EXIT_SUCCESS);
+ 		}
+-
+-		/* Change the file mode mask. */
+-		umask(0);
+ 	} else {
+ 		flog(LOG_DEBUG, "Not using daemon mode\n");
+ 		pid = getpid();

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r5.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r5.ebuild
new file mode 100644
index 00000000000..a17306a01ae
--- /dev/null
+++ b/dev-libs/libcgroup/libcgroup-0.41-r5.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic linux-info pam
+
+DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
+HOMEPAGE="http://libcg.sourceforge.net/"
+SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE="+daemon elibc_musl pam static-libs +tools"
+
+RDEPEND="pam? ( virtual/pam )"
+
+DEPEND="
+	${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	elibc_musl? ( sys-libs/fts-standalone )
+	"
+REQUIRED_USE="daemon? ( tools )"
+
+DOCS=(README_daemon README README_systemd INSTALL)
+pkg_setup() {
+	local CONFIG_CHECK="~CGROUPS"
+	if use daemon; then
+		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
+	fi
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}"/${P}-replace_DECLS.patch
+	"${FILESDIR}"/${P}-replace_INLCUDES.patch
+	"${FILESDIR}"/${P}-reorder-headers.patch
+	"${FILESDIR}"/${P}-remove-umask.patch
+)
+
+src_prepare() {
+	default
+	# Change rules file location
+	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:/etc/cgconfig.conf:/etc/cgroup/cgconfig.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
+		-i src/pam/Makefile.am || die "sed failed"
+	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
+
+	eautoreconf
+}
+
+src_configure() {
+	local my_conf
+
+	if use pam; then
+		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
+	fi
+
+	use elibc_musl && append-ldflags "-lfts"
+	econf \
+		$(use_enable static-libs static) \
+		$(use_enable daemon) \
+		$(use_enable pam) \
+		$(use_enable tools) \
+		${my_conf}
+}
+
+src_test() {
+	# Use mount cgroup to build directory
+	# sandbox restricted to trivial build,
+	# possible kill Diego tanderbox ;)
+	true
+}
+
+src_install() {
+	default
+	prune_libtool_files --all
+
+	insinto /etc/cgroup
+	doins samples/*.conf || die
+
+	if use tools; then
+		newconfd "${FILESDIR}"/cgconfig.confd-r1 cgconfig || die
+		newinitd "${FILESDIR}"/cgconfig.initd-r1 cgconfig || die
+	fi
+
+	if use daemon; then
+		newconfd "${FILESDIR}"/cgred.confd-r2 cgred || die
+		newinitd "${FILESDIR}"/cgred.initd-r1 cgred || die
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libcgroup/, dev-libs/libcgroup/files/

[Michał Górny]

commit:     4de83263b965d169ff6e1a42b3238f543633256c
Author:     Bernardo Meurer <meurerbernardo <AT> gmail <DOT> com>
AuthorDate: Fri Aug  9 07:00:22 2019 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Sat Sep 21 09:15:20 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4de83263

dev-libs/libcgroup: add systemd unit files

Closes: https://bugs.gentoo.org/632204
Package-Manager: Portage-2.3.71, Repoman-2.3.17
Signed-off-by: Bernardo Meurer <bernardo <AT> standard.ai>
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 dev-libs/libcgroup/files/cgconfig.service   |  17 +++++
 dev-libs/libcgroup/files/cgrules.service    |  16 +++++
 dev-libs/libcgroup/libcgroup-0.41-r6.ebuild | 103 ++++++++++++++++++++++++++++
 3 files changed, 136 insertions(+)

diff --git a/dev-libs/libcgroup/files/cgconfig.service b/dev-libs/libcgroup/files/cgconfig.service
new file mode 100644
index 00000000000..d2948ff825b
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgconfig.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Control Group configuration service
+
+# The service should be able to start as soon as possible,
+# before any 'normal' services:
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=basic.target shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/cgconfigparser -l /etc/cgroup/cgconfig.conf -s 1664
+ExecStop=/usr/sbin/cgclear -l /etc/cgroup/cgconfig.conf -e
+
+[Install]
+WantedBy=sysinit.target

diff --git a/dev-libs/libcgroup/files/cgrules.service b/dev-libs/libcgroup/files/cgrules.service
new file mode 100644
index 00000000000..2c6426bf952
--- /dev/null
+++ b/dev-libs/libcgroup/files/cgrules.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Control Group rules service
+
+# The service should be able to start as soon as possible,
+# before any 'normal' services:
+DefaultDependencies=no
+Conflicts=shutdown.target
+Before=basic.target shutdown.target
+After=cgconfig.service
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/cgrulesengd -n -f -
+
+[Install]
+WantedBy=sysinit.target

diff --git a/dev-libs/libcgroup/libcgroup-0.41-r6.ebuild b/dev-libs/libcgroup/libcgroup-0.41-r6.ebuild
new file mode 100644
index 00000000000..14021a85a76
--- /dev/null
+++ b/dev-libs/libcgroup/libcgroup-0.41-r6.ebuild
@@ -0,0 +1,103 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic linux-info pam systemd
+
+DESCRIPTION="Tools and libraries to configure and manage kernel control groups"
+HOMEPAGE="http://libcg.sourceforge.net/"
+SRC_URI="mirror://sourceforge/project/libcg/${PN}/v${PV}/${P}.tar.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="+daemon elibc_musl pam static-libs test +tools"
+
+RDEPEND="pam? ( virtual/pam )"
+
+DEPEND="
+	${RDEPEND}
+	sys-devel/bison
+	sys-devel/flex
+	elibc_musl? ( sys-libs/fts-standalone )
+	"
+REQUIRED_USE="daemon? ( tools )"
+
+DOCS=(README_daemon README README_systemd INSTALL)
+pkg_setup() {
+	local CONFIG_CHECK="~CGROUPS"
+	if use daemon; then
+		CONFIG_CHECK="${CONFIG_CHECK} ~CONNECTOR ~PROC_EVENTS"
+	fi
+	linux-info_pkg_setup
+}
+
+PATCHES=(
+	"${FILESDIR}"/${P}-replace_DECLS.patch
+	"${FILESDIR}"/${P}-replace_INLCUDES.patch
+	"${FILESDIR}"/${P}-reorder-headers.patch
+	"${FILESDIR}"/${P}-remove-umask.patch
+)
+
+src_prepare() {
+	default
+	# Change rules file location
+	sed -e 's:/etc/cgrules.conf:/etc/cgroup/cgrules.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:/etc/cgconfig.conf:/etc/cgroup/cgconfig.conf:' \
+		-i src/libcgroup-internal.h || die "sed failed"
+	sed -e 's:\(pam_cgroup_la_LDFLAGS.*\):\1\ -avoid-version:' \
+		-i src/pam/Makefile.am || die "sed failed"
+	sed -e 's#/var/run#/run#g' -i configure.in || die "sed failed"
+
+	# If we're not running tests, don't bother building them.
+	if ! use test; then
+		sed -i '/^SUBDIRS/s:tests::' Makefile.am || die
+	fi
+
+	eautoreconf
+}
+
+src_configure() {
+	local my_conf
+
+	if use pam; then
+		my_conf=" --enable-pam-module-dir=$(getpam_mod_dir) "
+	fi
+
+	use elibc_musl && append-ldflags "-lfts"
+	econf \
+		$(use_enable static-libs static) \
+		$(use_enable daemon) \
+		$(use_enable pam) \
+		$(use_enable tools) \
+		${my_conf}
+}
+
+src_test() {
+	# Use mount cgroup to build directory
+	# sandbox restricted to trivial build,
+	# possible kill Diego tanderbox ;)
+	true
+}
+
+src_install() {
+	default
+	prune_libtool_files --all
+
+	insinto /etc/cgroup
+	doins samples/*.conf
+
+	if use tools; then
+		newconfd "${FILESDIR}"/cgconfig.confd-r1 cgconfig
+		newinitd "${FILESDIR}"/cgconfig.initd-r1 cgconfig
+		systemd_dounit "${FILESDIR}"/cgconfig.service
+		systemd_dounit "${FILESDIR}"/cgrules.service
+	fi
+
+	if use daemon; then
+		newconfd "${FILESDIR}"/cgred.confd-r2 cgred
+		newinitd "${FILESDIR}"/cgred.initd-r1 cgred
+	fi
+}