[ovs-dev] [PATCH] utilities: Run ovsdb-server pre-startup DB steps as root

Timothy Redaelli tredaelli at redhat.com
Thu Aug 2 16:58:27 UTC 2018


On Fri, Jul 27, 2018 at 8:16 PM, Aaron Conole <aconole at redhat.com> wrote:
> Markos Chandras <mchandras at suse.de> writes:
[...]
>
> Is it possible that the provided diff can fix most of the issue (rather
> than needing the corrective block in ovs-ctl)?  If so, I'd advocate for
> the smaller change instead.  I need to double check it on RHEL/Fedora.
>
> Flavio?  Timothy?
>
> diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
> index 92f98ad92..8db887ef6 100644
> --- a/utilities/ovs-lib.in
> +++ b/utilities/ovs-lib.in
> @@ -389,7 +389,7 @@ move_ip_routes () {
>
>  ovsdb_tool () {
>      if [ "$OVS_USER" != "" ]; then
> -        runuser --user "${OVS_USER%:*}" -- ovsdb-tool -vconsole:off "$@"
> +        setpriv --reuid "${OVS_USER%:*}" ovsdb-tool -vconsole:off "$@"
>      else
>          ovsdb-tool -vconsole:off "$@"
>      fi
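Review bot: the `+` line replaces `runuser --user` with `setpriv --reuid` only, so the child keeps the caller's gid and supplementary groups (gid 0 when ovs-ctl runs as root); this is a partial privilege drop, not an equivalent of runuser, which switches group identity as well. It also passes a user name to `--reuid`, which older setpriv builds do not accept (they want a numeric id). Suggest resolving the id with `id -u` and adding `--regid` and an explicit `--groups` list (or `--clear-groups`) so the effective identity matches what runuser produced.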

Hi,
I tested your solution with SUSE (Vagrant), RHEL7 and Fedora 28.

Unfortunately, as-is, it doesn't work on RHEL7, since the old setpriv version we use on RHEL7 doesn't support a username, but wants the user id (the numeric one). Moreover, if you don't specify --regid, setpriv keeps 0 (root) as the group id, and this can be bad.

I created a variant of this implementation that works on SUSE, RHEL7 and Fedora 28 and that fixes the problem by keeping the same uid/gid/groups used by runuser.

Is it ok?

diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index c3b76ec94..33776aac7 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -389,7 +389,10 @@ move_ip_routes () {

 ovsdb_tool () {
     if [ "$OVS_USER" != "" ]; then
-        runuser --user "${OVS_USER%:*}" -- ovsdb-tool -vconsole:off "$@"
+        local uid=$(id -u "${OVS_USER%:*}")
+        local gid=$(id -g "${OVS_USER%:*}")
+        local groups=$(id -G "${OVS_USER%:*}" | tr ' ' ',')
+        setpriv --reuid "$uid" --regid "$gid" --groups "$groups"
ovsdb-tool -vconsole:off "$@"
     else
         ovsdb-tool -vconsole:off "$@"
     fi
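Review bot: the three `local var=$(id ...)` lines mask the exit status of `id`, so if `${OVS_USER%:*}` does not resolve, `uid`, `gid` and `groups` are empty strings and the `setpriv` line runs with `--reuid "" --regid "" --groups ""` instead of failing early; declare the variables first, assign them separately, and abort the function if `id` fails or any value is empty. Note also that the `setpriv ... --groups "$groups"` line and the `ovsdb-tool -vconsole:off "$@"` continuation appear as two lines here, the second without a `+` prefix, which looks like mail wrapping; in the submitted patch they must be a single command line or joined with a trailing `\`, otherwise `setpriv` is invoked with no command and `ovsdb-tool` then runs unprivileged-drop-free as root. A short comment above the block explaining why `runuser` was replaced and why `--regid`/`--groups` are required (gid would otherwise stay 0, per the cover text) would help future readers.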

