[ovs-dev] Bug#681880: [bug 681880 2/3] ovsdb: Make "ovsdb-tool create" work through a dangling symlink.

Simon Horman horms at verge.net.au
Fri Jul 27 01:24:23 UTC 2012


On Thu, Jul 26, 2012 at 06:10:26PM -0700, Ben Pfaff wrote:
> On Fri, Jul 27, 2012 at 09:47:49AM +0900, Simon Horman wrote:
> > On Thu, Jul 26, 2012 at 02:48:52PM -0700, Ben Pfaff wrote:
> > > open() with O_CREAT|O_EXCL yields EEXIST if the name passed in is a
> > > symlink, but we would like "ovsdb-tool create /etc/openvswitch/conf.db" to
> > > work if /etc/openvswitch/conf.db is a symlink to elsewhere in the file
> > > system.  This commit fixes the problem.  It introduces a theoretical race,
> > > but no one should be doing "ovsdb-tool create" in parallel anyhow; O_EXCL
> > > is just an idiot check here, not required to be fail-safe.
> > 
> > I'm comfortable with this provided that the location of conf.db is
> > a directory that is is only accessible by the administrator. Else I think
> > there may be some problems from a security POV.
> 
> Good point.
> 
> It's a symlink from /etc/openvswitch to /var/lib/openvswitch.  Both of
> those are only writable by the admin, so I think we're safe on that
> account.

Thanks, I am comfortable with that.

Acked-by: Simon Horman <horms at verge.net.au>



More information about the dev mailing list