rhel: secure openvswitch useropts

The openvswitch useropts file is being stored in a directory where the openvswitch user has write permissions. The openvswitch user can then manipulate the file to change the user under which switchd daemon runs. This patch changes the file to /var/openvswitch.useropts preventing any manipulation. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com> Signed-off-by: Ben Pfaff <blp@ovn.org>
author: Jaime Caamaño Ruiz <jcaamano@suse.com> 2019-05-08 13:53:47 +0200
committer: Ben Pfaff <blp@ovn.org> 2019-06-09 17:25:45 -0700
commit: 27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f (patch)
tree: d4f2751d6d8fa40f992437c7f8e88792eeb5859f /rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
parent: dd9b0ed538997b0723addf91522ebc13adab556a (diff)
download: openvswitch-27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index edd76493c..87abe3a89 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -14,7 +14,7 @@ Restart=on-failure
 Environment=XDG_RUNTIME_DIR=/var/run/openvswitch
 EnvironmentFile=/etc/openvswitch/default.conf
 EnvironmentFile=-/etc/sysconfig/openvswitch
-EnvironmentFile=-/run/openvswitch/useropts
+EnvironmentFile=-/run/openvswitch.useropts
 LimitSTACK=2M
 @begin_dpdk@
 ExecStartPre=-/bin/sh -c '/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
author	Jaime Caamaño Ruiz <jcaamano@suse.com>	2019-05-08 13:53:47 +0200
committer	Ben Pfaff <blp@ovn.org>	2019-06-09 17:25:45 -0700
commit	27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f (patch)
tree	d4f2751d6d8fa40f992437c7f8e88792eeb5859f /rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
parent	dd9b0ed538997b0723addf91522ebc13adab556a (diff)
download	openvswitch-27e25e18c1f4cdd789d5670ab9e01dcf02a86b6f.tar.gz