!65 sync patch

From: @liuxu180400617 
Reviewed-by: @xuxuepeng 
Signed-off-by: @xuxuepeng

Add-support-for-multiple-controllers-on-same-mount-point.patch

@@ -0,0 +1,73 @@
+From a20a50c1a133414f61d6cee0dc1b0cb66869bd95 Mon Sep 17 00:00:00 2001
+From: lipengyu <lipengyu@kylinos.cn>
+Date: Fri, 6 Dec 2024 15:07:10 +0800
+Subject: [PATCH] Add support for multipe controllers on same mount point
+
+---
+ src/config.c | 29 ++++++++++++++++++++++++++++-
+ 1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/config.c b/src/config.c
+index dfabbd1..d194b32 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -635,6 +635,22 @@ void cgroup_config_cleanup_namespace_table(void)
+ 			sizeof(struct cg_mount_table_s) * CG_CONTROLLER_MAX);
+ }
+ 
++static int is_valid_controller(char *ctrl)
++{
++	int i;
++
++	static const char *ctrl_list[] = { "blkio", "cpu", "cpuacct", "cpuset", "devices",
++					"freezer", "hugetlb", "memory", "misc", "net_cls",
++					"net_prio", "perf_event", "pids", "rdma", NULL };
++
++	for (i = 0; ctrl_list[i]; i++) {
++		if (strncmp(ctrl, ctrl_list[i], strlen(ctrl_list[i])) == 0)
++			return 1;
++	}
++
++	return 0;
++}
++
+ /**
+  * Add necessary options for mount. Currently only 'none' option is added
+  * for mounts with only 'name=xxx' and without real controller.
+@@ -663,6 +679,9 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 					break;
+ 				strncpy(mount->name, controller, sizeof(mount->name));
+ 				mount->name[sizeof(mount->name)-1] = '\0';
++				free(controller);
++				token = strtok_r(NULL, ",", &save);
++				continue;				
+ 			}
+ 
+ 			if (strncmp(token, "nodev", strlen("nodev")) == 0) {
+@@ -675,6 +694,15 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 				*flags |= MS_NOSUID;
+ 			}
+ 
++			if (is_valid_controller(token)) {
++				controller = strdup(token);
++				if (controller == NULL)
++					break;
++				strncat(mount->name, ",", FILENAME_MAX - strlen(mount->name)-1);
++				strncat(mount->name, controller, FILENAME_MAX - strlen(mount->name) - 1);
++				free(controller);
++			}			
++
+ 		} else if (!name_only) {
+ 			/*
+ 			 * We have controller + name=, do the right thing, since
+@@ -687,7 +715,6 @@ static int cgroup_config_ajdust_mount_options(struct cg_mount_table_s *mount,
+ 		token = strtok_r(NULL, ",", &save);
+ 	}
+ 
+-	free(controller);
+ 	free(opts);
+ 
+ 	if (name_only) {
+-- 
+2.25.1
+

config.patch

@@ -1,5 +1,5 @@
---- libcgroup-0.42.2/samples/cgconfig.sysconfig.orig	2019-12-19 11:25:25.547000000 +0800
-+++ libcgroup-0.42.2/samples/cgconfig.sysconfig	2019-12-19 11:26:01.142000000 +0800
+--- libcgroup-2.0.3/samples/cgconfig.sysconfig.orig	2019-12-19 11:25:25.547000000 +0800
++++ libcgroup-2.0.3/samples/cgconfig.sysconfig	2019-12-19 11:26:01.142000000 +0800
 @@ -5,8 +5,5 @@
  # controller to limit cpu.shares of this default group and allowing some more
  # important group take most of the CPU.

libcgroup-0.37-chmod.patch

@@ -1,32 +0,0 @@
-diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
-index 24ae48d..54a6736 100644
---- libcgroup-0.42.2/src/api.c
-+++ libcgroup-0.42.2/src/api.c
-@@ -159,6 +159,10 @@ static int cg_chown_file(FTS *fts, FTSENT *ent, uid_t owner, gid_t group)
- 	return ret;
- }
- 
-+int cg_chmod_file(FTS *fts, FTSENT *ent, mode_t dir_mode,
-+	int dirm_change, mode_t file_mode, int filem_change,
-+	int owner_is_umask);
-+
- /*
-  * TODO: Need to decide a better place to put this function.
-  */
-@@ -166,6 +170,8 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group)
- {
- 	int ret = 0;
- 	FTS *fts;
-+	/* mode 664 */
-+	mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH;
- 
- 	cgroup_dbg("chown: path is %s\n", *path);
- 	fts = fts_open(path, FTS_PHYSICAL | FTS_NOCHDIR |
-@@ -183,6 +189,7 @@ static int cg_chown_recursive(char **path, uid_t owner, gid_t group)
- 			cgroup_warn("Warning: fts_read failed\n");
- 			break;
- 		}
-+		cg_chmod_file(fts, ent, mode, 0, mode, 1, 1);
- 		ret = cg_chown_file(fts, ent, owner, group);
- 	}
- 	fts_close(fts);

libcgroup-0.40.rc1-coverity.patch

@@ -1,79 +0,0 @@
-diff --git libcgroup-0.42.2/src/config.c libcgroup-0.42.2/src/config.c
-index 3ffa263..b5d51b3 100644
---- libcgroup-0.42.2/src/config.c
-+++ libcgroup-0.42.2/src/config.c
-@@ -326,7 +326,7 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
- 	long val = atoi(value);
- 	char buffer[CGROUP_BUFFER_LEN];
- 	struct cgroup *config_cgroup;
--	int table_index;
-+	int table_index, ret;
- 
- 	switch (flag) {
- 	case CGROUP:
-@@ -370,10 +370,10 @@ int config_group_task_perm(char *perm_type, char *value, int flag)
- 			if (!group)
- 				goto group_task_error;
- 
--			getgrnam_r(value, group, buffer,
-+			ret = getgrnam_r(value, group, buffer,
- 					CGROUP_BUFFER_LEN, &group_buffer);
- 
--			if (group_buffer == NULL) {
-+			if (ret != 0 || group_buffer == NULL) {
- 				free(group);
- 				goto group_task_error;
- 			}
-@@ -439,7 +439,7 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
- 	struct cgroup *config_cgroup;
- 	long val = atoi(value);
- 	char buffer[CGROUP_BUFFER_LEN];
--	int table_index;
-+	int table_index, ret;
- 
- 	switch (flag) {
- 	case CGROUP:
-@@ -482,10 +482,10 @@ int config_group_admin_perm(char *perm_type, char *value, int flag)
- 			if (!group)
- 				goto admin_error;
- 
--			getgrnam_r(value, group, buffer,
-+			ret = getgrnam_r(value, group, buffer,
- 					CGROUP_BUFFER_LEN, &group_buffer);
- 
--			if (group_buffer == NULL) {
-+			if (ret != 0 || group_buffer == NULL) {
- 				free(group);
- 				goto admin_error;
- 			}
-diff --git libcgroup-0.42.2/src/daemon/cgrulesengd.c libcgroup-0.42.2/src/daemon/cgrulesengd.c
-index 4cef53e..90920d1 100644
---- libcgroup-0.42.2/src/daemon/cgrulesengd.c
-+++ libcgroup-0.42.2/src/daemon/cgrulesengd.c
-@@ -654,7 +654,7 @@ close:
- 
- static int cgre_create_netlink_socket_process_msg(void)
- {
--	int sk_nl = 0, sk_unix = 0, sk_max;
-+	int sk_nl = -1, sk_unix = -1, sk_max;
- 	struct sockaddr_nl my_nla;
- 	char buff[BUFF_SIZE];
- 	int rc = -1;
-diff --git libcgroup-0.42.2/src/tools/lscgroup.c libcgroup-0.42.2/src/tools/lscgroup.c
-index bfb1724..d15a0c2 100644
---- libcgroup-0.42.2/src/tools/lscgroup.c
-+++ libcgroup-0.42.2/src/tools/lscgroup.c
-@@ -96,11 +96,11 @@ static int display_controller_data(char *input_path, char *controller, char *nam
- 	if (ret != 0)
- 		return ret;
- 
--	strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX);
-+	strncpy(cgroup_dir_path, info.full_path, FILENAME_MAX - 1);
- 	/* remove problematic  '/' characters from cgroup directory path*/
- 	trim_filepath(cgroup_dir_path);
- 
--	strncpy(input_dir_path, input_path, FILENAME_MAX);
-+	strncpy(input_dir_path, input_path, FILENAME_MAX - 1);
- 
- 	/* remove problematic  '/' characters from input directory path*/
- 	trim_filepath(input_dir_path);

libcgroup-0.40.rc1-fread.patch

@@ -1,50 +0,0 @@
-diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
-index 54a6736..1557393 100644
---- libcgroup-0.42.2/src/api.c
-+++ libcgroup-0.42.2/src/api.c
-@@ -2482,29 +2482,29 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- 					const char *file, char **value)
- {
- 	char path[FILENAME_MAX];
--	FILE *ctrl_file = NULL;
--	int ret;
-+	int ctrl_file = -1;
-+	ssize_t ret;
- 
- 	if (!cg_build_path_locked(cgroup, path, subsys))
- 		return ECGFAIL;
- 
- 	strncat(path, file, sizeof(path) - strlen(path));
--	ctrl_file = fopen(path, "re");
--	if (!ctrl_file)
-+	ctrl_file = open(path, O_RDONLY | O_CLOEXEC);
-+	if (ctrl_file < 0)
- 		return ECGROUPVALUENOTEXIST;
- 
- 	*value = calloc(CG_CONTROL_VALUE_MAX, 1);
- 	if (!*value) {
--		fclose(ctrl_file);
-+		close(ctrl_file);
- 		last_errno = errno;
- 		return ECGOTHER;
- 	}
- 
- 	/*
--	 * using %as crashes when we try to read from files like
-+	 * using %as or fread crashes when we try to read from files like
- 	 * memory.stat
- 	 */
--	ret = fread(*value, 1, CG_CONTROL_VALUE_MAX-1, ctrl_file);
-+	ret = read(ctrl_file, *value, CG_CONTROL_VALUE_MAX-1);
- 	if (ret < 0) {
- 		free(*value);
- 		*value = NULL;
-@@ -2514,7 +2514,7 @@ static int cg_rd_ctrl_file(const char *subsys, const char *cgroup,
- 			(*value)[ret-1] = '\0';
- 	}
- 
--	fclose(ctrl_file);
-+	close(ctrl_file);
- 
- 	return 0;
- }

libcgroup-0.40.rc1-templates-fix.patch

@@ -1,17 +0,0 @@
-diff --git libcgroup-0.42.2/src/api.c libcgroup-0.42.2/src/api.c
-index 1557393..318a438 100644
---- libcgroup-0.42.2/src/api.c
-+++ libcgroup-0.42.2/src/api.c
-@@ -3457,10 +3457,10 @@ int cgroup_change_cgroup_flags(uid_t uid, gid_t gid,
- 						available, "%d", pid);
- 					break;
- 				case 'p':
--					if(procname) {
-+					if(procname && strlen(basename(procname))) {
- 						written = snprintf(newdest + j,
- 							available, "%s",
--							procname);
-+							basename(procname));
- 					} else {
- 						written = snprintf(newdest + j,
- 							available, "%d", pid);

libcgroup.spec

@@ -4,20 +4,17 @@
 
 Summary: Libcgroup is a library that abstracts the control group file system in Linux
 Name: libcgroup
-Version: 0.42.2
-Release: 1
+Version: 2.0.3
+Release: 4
 License: LGPLv2+
 URL: http://libcg.sourceforge.net/
-Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-v%{version}.tar.gz
+Source0: https://github.com/%{name}/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1: cgconfig.service
 Provides: libcgroup-pam libcgroup-tools
 Obsoletes: libcgroup-pam libcgroup-tools
 
 Patch0: config.patch
-Patch1: libcgroup-0.37-chmod.patch
-Patch2: libcgroup-0.40.rc1-coverity.patch
-Patch3: libcgroup-0.40.rc1-fread.patch
-Patch4: libcgroup-0.40.rc1-templates-fix.patch
+Patch1: Add-support-for-multiple-controllers-on-same-mount-point.patch
 
 BuildRequires: autoconf, automake, libtool
 BuildRequires: gcc,gcc-c++,byacc
@@ -47,14 +44,15 @@ It provides helpful information for libcgroup-pam,libcgroup-devel,libcgroup-tool
 %setup  -q  -n %{name}-%{version}
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
 
 %build
 autoreconf -vif
 %configure --enable-pam-module-dir=%{_libdir}/security --enable-opaque-hierarchy="name=systemd" --disable-daemon
+%ifarch sw_64
+make
+%else
 make %{?_smp_mflags}
+%endif
 
 %install
 make DESTDIR=$RPM_BUILD_ROOT install
@@ -66,7 +64,7 @@ install -m 644 samples/cgconfig.conf $RPM_BUILD_ROOT%{_sysconfdir}/cgconfig.conf
 install -m 644 samples/cgsnapshot_blacklist.conf $RPM_BUILD_ROOT%{_sysconfdir}/cgsnapshot_blacklist.conf
 
 # Only one pam_cgroup.so is needed
-mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*.*.* $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so
+#mv -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so
 rm -f $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.{,l}a $RPM_BUILD_ROOT%{_libdir}/security/pam_cgroup.so.*
 
 rm -f $RPM_BUILD_ROOT%{_libdir}/*.{,l}a
@@ -84,7 +82,7 @@ install -m 644 %SOURCE1 ${RPM_BUILD_ROOT}%{_unitdir}/
 %pre
 getent group cgred >/dev/null || groupadd -r cgred
 
-%post 
+%post
 %systemd_post cgconfig.service
 
 %preun
@@ -115,7 +113,7 @@ getent group cgred >/dev/null || groupadd -r cgred
 /usr/sbin/cgconfigparser
 %attr(2755, root, cgred) /usr/bin/cgexec
 %attr(2755, root, cgred) /usr/bin/cgclassify
-%attr(0755,root,root) %{_libdir}/security/pam_cgroup.so
+%attr(0755, root, root) %{_libdir}/security/pam_cgroup.so
 %{_unitdir}/cgconfig.service
 
 %files devel
@@ -134,6 +132,42 @@ getent group cgred >/dev/null || groupadd -r cgred
 %attr(0644, root, root) %{_mandir}/man8/*
 
 %changelog
+* Mon Dec 09 2024 liuxu <liuxu156@huawei.com> - 2.0.3-4
+- Type: bugfix
+- Id:NA
+- SUG:NA
+- DESC:sync patch
+
+* Tue Nov 26 2024 lipengyu <lipengyu@kylinos.cn> - 2.0.3-3
+- Type: bugfix
+- Id:NA
+- SUG:NA
+- DESC:Add support for multiple controllers on same mount point
+
+* Mon Jun 12 2023 leizhongkai <leizhongkai@huawei.com> - 2.0.3-2
+- Type: upgrade
+- Id:NA
+- SUG:NA
+- DESC:update release version to v2.0.3 for LTS-next branch
+
+* Thu Feb 9 2023 hanchao <hanchao47@huawei.com> - 2.0.3-1
+- Type: upgrade
+- Id:NA
+- SUG:NA
+- DESC:update release version to v2.0.3
+
+* Thu Nov 3 wuzx<wuzx1226@qq.com> - 0.42.2-3
+- Type:feature
+- CVE:NA
+- SUG:NA
+- DESC:Add sw64 architecture
+
+* Thu May 5 2022 wangfengtu<wangfengtu@huawei.com> - 0.42.2-2
+- Type: upgrade
+- Id:NA
+- SUG:NA
+- DESC:update release version
+
 * Wed Nov 4 2020 leizhongkai<leizhongkai@huawei.com> - 0.42.2-1
 - Type: upgrade
 - Id:NA