[ovs-discuss] [libvirt-users] create ovs port without root

Ben Pfaff blp at nicira.com
Fri Mar 7 18:00:04 UTC 2014


I don't believe we have a feature for that yet, but it seems like a
reasonable feature to add if you wish to contribute it.

On Fri, Mar 7, 2014 at 3:02 AM, Vasiliy Tolstov <v.tolstov at selfip.ru> wrote:
> Thanks for answers,but as I see libvirt call ovs-vsctl that tries to connect
> to ovs-vswitchd socket,that have rw to root.how can I specify socket
> permissions in vswitchd?
>
> On Thu, Mar 06, 2014 at 02:05:15PM +0400, Vasiliy Tolstov wrote:
>> Hello! How can i operate with openvswitch without root rights?
>> For example - i can add my user to kvm group and create vm from
>> libvirt with my own user, but now i'm failed with creating port.
>>
>> errors in logs:
>> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]:
>> ovs|00001|vsctl|INFO|Called as ovs-vsctl --timeout=5 -- --if-exists
>> del-port
>> Mar 06 14:04:46 selfip.ru ovs-vsctl[19065]:
>> ovs|00002|vsctl|ERR|'del-port' command requires at least 1 arguments
>> Mar 06 14:04:46 selfip.ru libvirtd[6418]: internal error: Child
>> process (ovs-vsctl --timeout=5 -- --if-exists del-port) unexpected
>> exit status 1: ovs-vsctl: 'del-port' command requires at least 1
>> arguments
>> Mar 06 14:04:46 selfip.ru libvirtd[6418]: Unable to delete port (null)
>> from OVS: Operation not permitted
>
> I assume that any admin commands related to OVS will require
> CAP_NET_ADMIN as is required for all non-OVS network tasks too,
> which pretty much means you have to be root.
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org              -o-             http://virt-manager.org
> :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/
> :|
> |: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc
> :|
-- 
"I don't normally do acked-by's.  I think it's my way of avoiding
getting blamed when it all blows up."               Andrew Morton



More information about the discuss mailing list