[ovs-dev] [PATCH v3 1/6] ovs-kmod-ctl: introduce a kernel module load script

Aaron Conole aconole at redhat.com
Wed Jun 6 17:55:13 UTC 2018 

Ansis Atteka <ansisatteka at gmail.com> writes:

> On Wed, Jun 6, 2018, 7:31 AM Aaron Conole <aconole at redhat.com> wrote:
>
>  Aaron Conole <aconole at redhat.com> writes:
>
>  > Currently, Open vSwitch on linux embeds the logic of loading and unloading
>  > kernel modules into the ovs-ctl and ovs-lib script files.  This works, but
>  > it means that there is no way to leverage extended filesystem attributes
>  > to grant fine grain permissions relating to module loading.
>  >
>  > The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
>  > for RHEL-based distributions to have a separate transition domain that
>  > will allow module loading to be given to a separate selinux domain from
>  > the openvswitch_t domain.
>  >
>  > Acked-By: Timothy Redaelli <tredaelli at redhat.com>
>  > Signed-off-by: Aaron Conole <aconole at redhat.com>
>  > ---
>  >  debian/openvswitch-switch.install  |   1 +
>  >  debian/openvswitch-switch.manpages |   1 +
>  >  rhel/openvswitch-fedora.spec.in    |   2 +
>  >  rhel/openvswitch.spec.in           |   2 +
>  >  utilities/.gitignore               |   1 +
>  >  utilities/automake.mk              |   5 +
>  >  utilities/ovs-ctl.in               |  32 +------
>  >  utilities/ovs-kmod-ctl.8           | 109 ++++++++++++++++++++++
>  >  utilities/ovs-kmod-ctl.in          | 183
>  +++++++++++++++++++++++++++++++++++++
>  >  utilities/ovs-lib.in               |  20 +---
>  >  10 files changed, 311 insertions(+), 45 deletions(-)
>  >  create mode 100644 utilities/ovs-kmod-ctl.8
>  >  create mode 100644 utilities/ovs-kmod-ctl.in
>
>  ...
>
>  > +    if test -e /sys/module/ip_gre; then
>  > +        action "Forcing removal of ip_gre module" rmmod ip_gre
>  > +    fi
>  > +
>  > +    if test -e /sys/module/gre; then
>  > +        action "Forcing removal of gre module" rmmod gre
>  > +    fi
>
>  I think this block will no longer successfully apply since
>  a94f9524dbc11c78c83d1a49959497f5e73bf949.  I got caught in the
>  apply/revert storm :)
>
>  How should I proceed?  Should I send an incremental, a new spin of this
>  patch, or a new spin of the series?
>
> Since the conflict was easy to resolve, then I don't think you need to do anything this time. Once I
> will push this patch, you can keep an eye on it just to double check that I resolved the conflict
> correctly.

Thanks, Ansis!

More information about the dev mailing list