[ovs-dev] [PATCH RFC 3/3] manager: Allow change to punix socket file group ownership.

Alex Wang alexw at nicira.com
Sat Aug 22 06:05:57 UTC 2015


If we want to make ovsdb-server non-root, this change may not be needed,~

On Fri, Aug 21, 2015 at 11:10 PM, Alex Wang <alexw at nicira.com> wrote:

> This commit adds a new key-value pair, 'punix_file_group=<user group>',
> to the 'other_config' column in the 'Manager' table.  This new config
> allows user to change the punix socket file's group ownership, so that
> non-root process can also connect to ovsdb-server.
>
> Signed-off-by: Alex Wang <alexw at nicira.com>
> ---
>  ovsdb/jsonrpc-server.c |    6 ++++++
>  ovsdb/jsonrpc-server.h |    1 +
>  ovsdb/ovsdb-server.c   |    2 ++
>  vswitchd/vswitch.xml   |   16 ++++++++++++++++
>  4 files changed, 25 insertions(+)
>
> diff --git a/ovsdb/jsonrpc-server.c b/ovsdb/jsonrpc-server.c
> index fffcb73..387a7a0 100644
> --- a/ovsdb/jsonrpc-server.c
> +++ b/ovsdb/jsonrpc-server.c
> @@ -32,6 +32,7 @@
>  #include "row.h"
>  #include "server.h"
>  #include "simap.h"
> +#include "socket-util.h"
>  #include "stream.h"
>  #include "table.h"
>  #include "timeval.h"
> @@ -227,6 +228,11 @@ ovsdb_jsonrpc_server_set_remotes(struct
> ovsdb_jsonrpc_server *svr,
>          }
>
>          ovsdb_jsonrpc_session_set_all_options(remote, options);
> +
> +        if (!strncmp(node->name, "punix:", 6)) {
> +            unix_socket_set_file_group(node->name + 6,
> +                                       options->punix_file_group);
> +        }
>      }
>  }
>
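Review bot: The new call to `unix_socket_set_file_group()` discards any result, so a failed group lookup or ownership change would leave the socket with its previous group and mode and nothing in the log. If the helper reports an error (it is defined outside this patch), check it, e.g. `if (error) { VLOG_WARN("%s: could not set socket group (%s)", node->name, ovs_strerror(error)); }`. The change is applied by path, `node->name + 6`, after the listener already exists; that may not name the file that was actually bound when the punix path is relative, and it is not atomic with socket creation, so setting the group where the socket is bound would be tighter. `options->punix_file_group` is presumably NULL when the key is absent, so the helper has to accept NULL. The enclosing function starts above the hunk, so whether `remote` was created successfully at this point is not visible.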
> diff --git a/ovsdb/jsonrpc-server.h b/ovsdb/jsonrpc-server.h
> index fce8b7b..36a15f3 100644
> --- a/ovsdb/jsonrpc-server.h
> +++ b/ovsdb/jsonrpc-server.h
> @@ -35,6 +35,7 @@ struct ovsdb_jsonrpc_options {
>      int max_backoff;            /* Maximum reconnection backoff, in msec.
> */
>      int probe_interval;         /* Max idle time before probing, in msec.
> */
>      int dscp;                   /* Dscp value for manager connections */
> +    const char *punix_file_group; /* For setting the punix file's group.
> */
>  };
>  struct ovsdb_jsonrpc_options *
>  ovsdb_jsonrpc_default_options(const char *target);
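Review bot: The comment on `punix_file_group` does not say who owns the string or what NULL means, and the ovsdb-server.c hunk stores the pointer returned by `read_map_string_column()` without copying it. Presumably that pointer refers to data inside the Manager row, so it is valid only as long as the row is; I would document that on the field, e.g. `/* Group for a punix socket file, or NULL if unset.  Borrowed, not owned: must outlive the options. */`. It is also worth confirming that `ovsdb_jsonrpc_default_options()` leaves the field NULL, since its body is not part of this patch.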
> diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c
> index cd13b0d..8dca006 100644
> --- a/ovsdb/ovsdb-server.c
> +++ b/ovsdb/ovsdb-server.c
> @@ -770,6 +770,8 @@ add_manager_options(struct shash *remotes, const
> struct ovsdb_row *row)
>              options->dscp = dscp;
>          }
>      }
> +    options->punix_file_group = read_map_string_column(row,
> "other_config",
> +
>  "punix_file_group");
>  }
>
>  static void
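Review bot: The value assigned to `options->punix_file_group` goes from the Manager row's other_config to the socket's group ownership with no validation in this hunk, so whoever is allowed to write that row effectively decides which group can connect to ovsdb-server. I would state that above the assignment, e.g. `/* Taken verbatim from the database; grants that group access to the socket. */`, and treat an empty string as unset with `if (options->punix_file_group && !options->punix_file_group[0]) { options->punix_file_group = NULL; }`. The key is read for every manager target, while the jsonrpc-server.c hunk applies it only to `punix:` names, which a short comment here would make clear. add_manager_options begins outside the hunk.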
> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
> index 6f6e0ed..ae7abfb 100644
> --- a/vswitchd/vswitch.xml
> +++ b/vswitchd/vswitch.xml
> @@ -4286,6 +4286,22 @@
>          default value of 48 is chosen.  Valid DSCP values must be in the
> range
>          0 to 63.
>        </column>
> +
> +      <column name="other_config" key="punix_file_group"
> +                type='{"type": "string"}'>
> +        <p>
> +          When connection method in <ref column="target"/> is
> +          <code>punix</code>, this config specifies the user group to
> which
> +          the group ownership for 'punix' (unix domain socket) file
> created
> +          by ovsdb will be applied.  Also, the file's access permission
> will be
> +          changed to '0770'.
> +        </p>
> +        <p>
> +          By default, the 'punix' file is associated with the 'root'
> +          group and have access permission '0700'.  If this config is
> +          not specified or specified as 'root', the default is restored.
> +        </p>
> +      </column>
>      </group>
>
>      <group title="Common Columns">
> --
> 1.7.9.5
>
>


