[ovs-dev] [rhel --user v2 5/7] ovs-lib: add directory_check()

Flavio Leitner fbl at sysclose.org
Thu Nov 26 23:33:58 UTC 2015 

On Fri, Nov 20, 2015 at 03:33:18AM -0800, Andy Zhou wrote:
> Rafactor common directory existence check and ownership check into
> a common function. Move daemon's default directory to $RUNDIR, since
> the process may not able to write core file to "/" anymore after the
> user change.
> 
> Signed-off-by: Andy Zhou <azhou at ovn.org>
> 
> ---
> v1->v2:  * Drop using 'stat -c"
>          * ADD $OVS_GROUP != root in addition to $OVS_USER != root check
> ---
>  utilities/ovs-lib.in | 37 ++++++++++++++++++++++++++++---------
>  1 file changed, 28 insertions(+), 9 deletions(-)
> 
> diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
> index ad223c0..ad9c9f4 100644
> --- a/utilities/ovs-lib.in
> +++ b/utilities/ovs-lib.in
> @@ -70,8 +70,6 @@ ovs_ctl () {
>  
>  VERSION='@VERSION@'
>  
> -DAEMON_CWD=/
> -
>  LC_ALL=C; export LC_ALL
>  
>  ## ------------- ##
> @@ -154,6 +152,23 @@ pid_comm_check () {
>      [ "$1" = "`cat /proc/$2/comm`" ]
>  }
>  
> +# Make sure the directory '$1' exits. If not, crate it. If yes, make sure
> +# its group ownership agrees with $OVS_GROUP. If not, chown on all files
> +# within it.  We don't enforce $OVS_USER to allow for multiple users that
> +# shares $OVS_GROUP.
> +directory_check() {
> +    dir=$1
> +
> +    if test -d "$dir"; then
> +        # Change the ownership of the top level directory and the first
> +        # level files below it.
> +       chown "$OVS_USER":"$OVS_GROUP" "$dir"
> +       find "$dir" -maxdepth 1 -type f -exec chown "$OVS_USER":"$OVS_GROUP" {} \;
> +    else
> +        install -d -m 775 -o "$OVS_USER" -g "$OVS_GROUP" "$dir"
> +    fi
> +}
> +
>  start_daemon () {
>      priority=$1
>      wrapper=$2
> @@ -161,20 +176,24 @@ start_daemon () {
>      daemon=$1
>      strace=""
>  
> -    # drop core files in a sensible place
> -    test -d "$DAEMON_CWD" || install -d -m 755 -o "$OVS_USER" -g "$OVS_GROUP" "$DAEMON_CWD"
> -    set "$@" --no-chdir
> -    cd "$DAEMON_CWD"
> -
>      # log file
> -    test -d "$logdir" || install -d -m 755 -o "$OVS_USER" -g "$OVS_GROUP" "$logdir"
> +    directory_check "$logdir"
>      set "$@" --log-file="$logdir/$daemon.log"
>  
>      # pidfile and monitoring
> -    test -d "$rundir" || install -d -m 755 -o "$OVS_USER" -g "$OVS_GROUP" "$rundir"
> +    directory_check "$rundir"
>      set "$@" --pidfile="$rundir/$daemon.pid"
>      set "$@" --detach --monitor
>  
> +    # drop core files in a sensible place
> +    cd "$rundir"
> +    set "$@" --no-chdir

This depends on many things.  One is that systemd-coredump(8) handles
core dump properly.  Another is that core(5) which might point to
something else different.

The systemd also provides WorkingDirectory= to set specific workdir,
but we can't use that if the initialization enforces something else.

Anyway, this patch isn't changing anything other the workdir
from / to $rundir, which makes more sense.

> +
> +    # add --user for non root user
> +    if test "$OVS_USER" != "root" || test "$OVS_GROUP" != "root"; then
> +        set "$@" --user="$OVS_USER":"$OVS_GROUP"
> +    fi
> +
>      # wrapper
>      case $wrapper in
>          valgrind)

Acked-by: Flavio Leitner <fbl at sysclose.org>



> -- 
> 1.8.3.1
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev

More information about the dev mailing list