diff options
| author | Vladislav Odintsov <odivlad@gmail.com> | 2023-02-10 19:02:29 +0300 |
|---|---|---|
| committer | Ilya Maximets <i.maximets@ovn.org> | 2023-02-20 19:58:35 +0100 |
| commit | 4f27d5a024dddf6bcaafce7dac95514dd2d12c48 (patch) | |
| tree | f3a38448a0f42ea1fd9546e61b3d000cdf996614 /NEWS | |
| parent | 1f47d73996b0c565f9ce035c899a042f2ea394a6 (diff) | |
| download | openvswitch-4f27d5a024dddf6bcaafce7dac95514dd2d12c48.tar.gz | |
utilities: Add support to set umask in ovs-ctl.
This patch adds new ovs-ctl options to pass umask configuration to allow
OVS daemons set requested socket permissions on group. Previous
behaviour (if using with systemd service unit) created sockets with 0750
permissions mask (group has no write permission).
Write permission for group is reasonable in usecase, where ovs-vswitchd
or ovsdb-server runs as a non-privileged user:group (say,
openvswitch:openvswitch) and it is needed to access unix socket from
process running as another non-privileged user. In this case
administrator has to add that user to openvswitch group and can connect
to OVS sockets from a process running under that user.
Two new ovs-ctl options --ovsdb-server-umask and --ovs-vswitchd-umask
were added to manage umask values for appropriate daemons. This is
useful for systemd users: both ovs-vswitchd and ovsdb-server systemd
units read options from single /etc/sysconfig/openvswitch configuration
file. So, with separate options it is possible to set umask only for
specific daemon.
OPTIONS="--ovsdb-server-umask=0002"
in /etc/openvswitch/sysconfig file will set umask to 0002 value before
starting only ovsdb-server, while
OPTIONS="--ovs-vswitchd-umask=0002"
will set umask to ovs-vswitchd daemon.
Previous behaviour (not setting umask) is left as default.
Reported-at: https://mail.openvswitch.org/pipermail/ovs-dev/2023-January/401501.html
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Vladislav Odintsov <odivlad@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -4,6 +4,10 @@ Post-v3.1.0 * OVS now collects per-interface upcall statistics that can be obtained via 'ovs-appctl dpctl/show -s' or the interface's statistics column in OVSDB. Available with upstream kernel 6.2+. + - ovs-ctl: + * Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask + value when starting OVS daemons. E.g., use --ovsdb-server-umask=0002 + in order to create OVSDB sockets with access mode of 0770. v3.1.0 - 16 Feb 2023 |