- Previously, the pam_cgoup pluggable authentication module (PAM) did not use caching. As a consequence, when a system had several thousand users and the cgrules.conf file contained several thousand lines of configuration settings, the login time could take several seconds. With this update, the libcgroup code no longer reads the /etc/passwd file once for every line in cgrules.conf, and the login time is no longer affected in the described scenario.
- Prior to this update, the cgroup files did not have write permissions set correctly. Consequently, members of the group that owned the cgroup files could not modify their content. The group permissions have been updated, and the members of the group can now modify the content of the cgroup files.
- Previously, the behavior of the cgred service when opening the configuration file was not set correctly. Consequently, cgred failed to start if the configuration file was missing or empty. Explicit checks for the existence of the configuration file have been removed, and cgred now starts with a missing or empty configuration file as expected.
- The code in the cg_get_pid_from_flags() function assumed that every entry in the /etc/cgrules.conf file had the process name specified. As a consequence, if the entry in the /etc/cgrules.conf file did not specify the process name, the cgred service terminated unexpectedly with a segmentation fault. This update allows the code to accept empty process names and cgred no longer crashes.
- Prior to this update, the permissions of the /bin/cgclassify file were set incorrectly. As a consequence, the "--sticky" option of the cgclassify command was ignored when running under a non-privileged user. The file permissions of /bin/cgclassify have been updated, and the "--sticky" option now works correctly for regular users.
- Previously, using commas in the lexical analyzer was not supported. As a consequence, the cgconfig service failed to parse commas in the cgconfig.conf file. Support for commas in the lexical analyzer has been added, and cgconfig can now successfully parse commas in cgconfig.conf.
- The cgrulesengd daemon had different default logging level than the rest of the library. Consequently, the log messages were inconsistent. With this update, the logging level of the cgrulesengd daemon and the library has been unified, and the log messages are now consistent as expected.
- Prior to this update, the cgcreate(1) manual page contained the invalid "-s" option in the synopsis. This update removes this option.
- Previously, the cgred service was starting too early in the boot process. As a consequence, if some services started before cgred, they could avoid being restricted. The boot priority of cgred has been lowered, and all services are now restricted correctly.
- After this update, the cgred daemon supports automated control groups for every user in any UNIX group that logs in. A template is now used to create a new control group automatically, and every process the user launches is started in the appropriate group, which makes managing multiple users easier.