Package: libpam-cgroup
Version: 0.41-6
Severity: important

Dear Maintainer,

Current stable version for libpam-cgroup suffers from a severe programming
error, which prevents libpam-cgroup from doing anything at all.

libpam-cgroup calls the 'cgroup_change_cgroup_uid_gid_flags' libcgroup
function with CGFLAG_USECACHE. Current (as of stable) semantics of this
flag imply multiple calls to 'cgroup_change_cgroup_uid_gid_flags'
between cgroup_init() and actual program exit.
But, as the current implementation of cgroup_change_cgroup_flags
(cgroup_change_cgroup_uid_gid_flags is a wrapper for it) shows,
CGFLAG_USECACHE does not even try to build up the cgroup rules cache if it
is empty. Which is exactly the situation with libpam-cgroup, as it calls
'cgroup_change_cgroup_uid_gid_flags' exactly once during the user's login.

Hence, libpam-cgroup will assume that no rule defined in
/etc/cgrules.conf will actually match current user and refuse to do
anything at all.

Suggested fix is attached to this bug report.

-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpam-cgroup depends on:
ii  libc6       2.19-18
ii  libcgroup1  0.41-6
ii  libpam0g    1.1.8-3.1

libpam-cgroup recommends no packages.

libpam-cgroup suggests no packages.

-- debconf-show failed
--- a/src/pam/pam_cgroup.c        2015-06-09 20:51:06.000000000 +0300
+++ b/src/pam/pam_cgroup.c    2014-01-13 18:05:56.000000000 +0400
@@ -138,7 +138,7 @@
         * under what egid service will be provided?
         */
        ret = cgroup_change_cgroup_uid_gid_flags(pwd->pw_uid,
+               pwd->pw_gid, pid, CGFLAG_USECACHE);
-               pwd->pw_gid, pid, 0);
        if (ret) {
                if (ctrl & PAM_DEBUG_ARG)
                        pam_syslog(pamh, LOG_ERR, "Change of cgroup for process"
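
Review bot: The `+` and `-` lines at the flags argument of the cgroup_change_cgroup_uid_gid_flags() call are reversed relative to the report. As written, applying this hunk replaces `pwd->pw_gid, pid, 0);` with `pwd->pw_gid, pid, CGFLAG_USECACHE);`, which is the call the report describes as broken. The file header timestamps (a/ dated 2015-06-09, b/ dated 2014-01-13) suggest the diff was generated with the old and new files swapped. Please regenerate it so the CGFLAG_USECACHE line is the removed one and the `0` line is the added one. It would also help to extend the comment above the call to say why the cache flag is not used here: the module makes this call once per login, so the rules cache is empty at that point.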
