[ovs-git] [openvswitch/ovs] 1bbebf: configure: add configuration options for libcap-ng

GitHub noreply at github.com
Thu Oct 1 03:49:17 UTC 2015


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 1bbebfb7afadac4adf209cf7f7ab69655479638b
      https://github.com/openvswitch/ovs/commit/1bbebfb7afadac4adf209cf7f7ab69655479638b
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M INSTALL.md
    M configure.ac
    M lib/automake.mk
    M m4/openvswitch.m4

  Log Message:
  -----------
  configure: add configuration options for libcap-ng

Add configuration option for enabling or disabling linking with
libcap-ng.  Since capabilities are a security feature, the libcapng
option is handled as follows:

    - no option: use libcapng if it's present

    --disable-libcapng: do not use libcapng

    --enable-libcapng: do use libcapng and fail configuration if
                 it's missing

On Linux, not linking with libcapng makes all OVS daemons fail when
--user option is specified.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>


  Commit: e91b927d8966bfcb9768225392324dde4fd7d7f6
      https://github.com/openvswitch/ovs/commit/e91b927d8966bfcb9768225392324dde4fd7d7f6
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M NEWS
    M lib/daemon-unix.c
    M lib/daemon-windows.c
    M lib/daemon.c
    M lib/daemon.h
    M lib/daemon.man
    M ovn/controller-vtep/ovn-controller-vtep.c
    M ovn/controller/ovn-controller.c
    M ovn/northd/ovn-northd.c
    M ovsdb/ovsdb-client.c
    M ovsdb/ovsdb-server.c
    M tests/test-jsonrpc.c
    M tests/test-netflow.c
    M tests/test-sflow.c
    M utilities/ovs-ofctl.c
    M utilities/ovs-testcontroller.c
    M vswitchd/ovs-vswitchd.c

  Log Message:
  -----------
  lib/daemon: support --user option for all OVS daemon

OVS daemons can now support --user option to run as a non-root
user with less privileges.

See the manpage patch for more descriptions.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>


  Commit: dfc89a556dc77710233d15e19d1f5fcd26fee357
      https://github.com/openvswitch/ovs/commit/dfc89a556dc77710233d15e19d1f5fcd26fee357
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  dpdk: reject --user option

dpdk datapath needs to run as root. Block the --user
option for now. It is likely we will revisit this issue for possibly
supporting --user option for dpdk datapath process as well.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>


  Commit: 9bf2f075d76accfe314adaa7182bf9c978a6a9c3
      https://github.com/openvswitch/ovs/commit/9bf2f075d76accfe314adaa7182bf9c978a6a9c3
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M utilities/ovs-dev.py

  Log Message:
  -----------
  ovs-dev.py: allow current directory to be used as the working directory

Rather than forcing a single ovs source tree under ~/ovs, this
change supports invoking the script from the root of any
ovs source tree as the working source tree. If the script is invoked
from a directory not recognized as OVS source tree, ~/ovs will
then be used.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>


  Commit: 0c001985e2e6fcce7598c94394c2c070b4a6216f
      https://github.com/openvswitch/ovs/commit/0c001985e2e6fcce7598c94394c2c070b4a6216f
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M utilities/ovs-dev.py

  Log Message:
  -----------
  ovs-dev.py: rename ROOT to RUNDIR

RUNDIR seems to be a better name.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>


  Commit: c5c9cb9ef22464b6ff7d4085645d31d368c5be7a
      https://github.com/openvswitch/ovs/commit/c5c9cb9ef22464b6ff7d4085645d31d368c5be7a
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M utilities/ovs-dev.py

  Log Message:
  -----------
  ovs-dev.py: run operational commands as root

Switch operational commands, run, kill, reset and modinst directly
or indirectly read and writes files within the RUNDIR. Currently
these commands run in the current user context, with some "sudo"
commands thrown in to ensure daemons such as ovs-vswichd will be
launched as root.

This approach works fine as long as ovs-dev.py is always
run as root, (but then the 'sudo' commands added are redundant).
When invoking ovs-dev.py as non-root, files in RUNDIR will be mixed
with root created file and non-root created files, making it confusing
to decide whether to run ovs-appctl as root or not. Multiple
invocations of ovs-dev.py as root or non-root causes permission issues
since the same file created by a different user may no longer be
accessible when user changes.

This patch improves the situation by always run those four operational
commands as root. When they are invoked as non-root, "sudo" will be
used automatically by re-run the command with sudo.  VARDIR will now
always be access as root. The next patch will add --user and -u option
to allow for downgrading to running all daemons as non-root.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>


  Commit: c543ef57f8e7925d693c74690048a82efe9e8388
      https://github.com/openvswitch/ovs/commit/c543ef57f8e7925d693c74690048a82efe9e8388
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M utilities/ovs-dev.py

  Log Message:
  -----------
  ovs-dev.py: add --user option

ovs-dev.py "run" command now accepts the "--user" option for running
all ovs daemons as "user". The argument can be specified in
"user[:group]" format.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>


  Commit: bf66c06797b0b03ec72582472d55d72e854eb435
      https://github.com/openvswitch/ovs/commit/bf66c06797b0b03ec72582472d55d72e854eb435
  Author: Andy Zhou <azhou at nicira.com>
  Date:   2015-09-30 (Wed, 30 Sep 2015)

  Changed paths:
    M utilities/ovs-dev.py

  Log Message:
  -----------
  ovs-dev.py: add --monitor and option

Runs ovsdb-server and ovs-vswitch with --monitor option. This feature
is useful for testing daemon monitoring together with --user option.

Signed-off-by: Andy Zhou <azhou at nicira.com>
Acked-by: Joe Stringer <joestringer at nicira.com>


Compare: https://github.com/openvswitch/ovs/compare/c28a1f83b1d6...bf66c06797b0


More information about the git mailing list