1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
The following options are valid on POSIX based platforms.
.TP
\fB\-\-pidfile\fR[\fB=\fIpidfile\fR]
Causes a file (by default, \fB\*(PN.pid\fR) to be created indicating
the PID of the running process. If the \fIpidfile\fR argument is not
specified, or
if it does not begin with \fB/\fR, then it is created in
\fB@RUNDIR@\fR.
.IP
If \fB\-\-pidfile\fR is not specified, no pidfile is created.
.
.TP
\fB\-\-overwrite\-pidfile\fR
By default, when \fB\-\-pidfile\fR is specified and the specified pidfile
already exists and is locked by a running process, \fB\*(PN\fR refuses
to start. Specify \fB\-\-overwrite\-pidfile\fR to cause it to instead
overwrite the pidfile.
.IP
When \fB\-\-pidfile\fR is not specified, this option has no effect.
.
.IP \fB\-\-detach\fR
Runs \fB\*(PN\fR as a background process. The process forks, and in
the child it starts a new session, closes the standard file
descriptors (which has the side effect of disabling logging to the
console), and changes its current directory to the root (unless
\fB\-\-no\-chdir\fR is specified). After the child completes its
initialization, the parent exits. \*(DD
.
.TP
\fB\-\-monitor\fR
Creates an additional process to monitor the \fB\*(PN\fR daemon. If
the daemon dies due to a signal that indicates a programming error
(\fBSIGABRT\fR, \fBSIGALRM\fR, \fBSIGBUS\fR, \fBSIGFPE\fR,
\fBSIGILL\fR, \fBSIGPIPE\fR, \fBSIGSEGV\fR, \fBSIGXCPU\fR, or
\fBSIGXFSZ\fR) then the monitor process starts a new copy of it. If
the daemon dies or exits for another reason, the monitor process exits.
.IP
This option is normally used with \fB\-\-detach\fR, but it also
functions without it.
.
.TP
\fB\-\-no\-chdir\fR
By default, when \fB\-\-detach\fR is specified, \fB\*(PN\fR
changes its current working directory to the root directory after it
detaches. Otherwise, invoking \fB\*(PN\fR from a carelessly chosen
directory would prevent the administrator from unmounting the file
system that holds that directory.
.IP
Specifying \fB\-\-no\-chdir\fR suppresses this behavior, preventing
\fB\*(PN\fR from changing its current working directory. This may be
useful for collecting core files, since it is common behavior to write
core dumps into the current working directory and the root directory
is not a good directory to use.
.IP
This option has no effect when \fB\-\-detach\fR is not specified.
.
.TP
\fB\-\-user\fR
Causes \fB\*(PN\fR to run as a different user specified in "user:group", thus
dropping most of the root privileges. Short forms "user" and ":group" are also
allowed, with current user or group are assumed respectively. Only daemons
started by the root user accepts this argument.
.IP
On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES
before dropping root privileges. Daemons interact with datapath,
such as ovs-vswitchd, will be granted two additional capabilities, namely
CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if
new user is "root".
.IP
On Windows, this option is not currently supported. For security reasons,
specifying this option will cause the daemon process not to start.
|