[ovs-dev] [PATCH v4 1/5] redhat: allow arbitrary user:group
Russell Bryant
russell at ovn.org
Fri Aug 4 18:31:58 UTC 2017
On Fri, Aug 4, 2017 at 1:00 PM, Aaron Conole <aconole at redhat.com> wrote:
> Under rpm based distributions, the only user:group that the rhel daemons run
> as is 'root:root'. This is fine as a default, but as part of a security
> procedure, users may want to run as an alternate uid/gid. This commit
> adds an OVS_USER_ID environment variable for systemd, which defaults to
> root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
> environment file.
>
> Acked-by: Markos Chandras <mchandras at suse.de>
> Signed-off-by: Aaron Conole <aconole at redhat.com>
> ---
> rhel/automake.mk | 1 +
> rhel/etc_openvswitch_default.conf | 5 +++++
> rhel/openvswitch-fedora.spec.in | 4 ++++
> rhel/usr_lib_systemd_system_ovs-vswitchd.service | 3 +++
> rhel/usr_lib_systemd_system_ovsdb-server.service | 3 +++
> rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template | 3 +++
> 6 files changed, 19 insertions(+)
> create mode 100644 rhel/etc_openvswitch_default.conf
> diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
> index 3050a07..fdaee00 100644
> --- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
> +++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
> @@ -21,3 +21,6 @@
> # --ovsdb-server-wrapper=valgrind
> #
> OPTIONS=""
> +
> +# Uncomment and set the OVS User/Group value
> +#OVS_USER_ID="openvswitch:openvswitch"
Is this really needed? How about just documenting the use of
--ovs-user with OPTIONS above?
More information about the dev
mailing list