[ovs-git] [openvswitch/ovs] faf665: rhel: Fix logrotate group when dpdk is enabled.

Ilya Maximets noreply at github.com
Wed Sep 16 12:27:05 UTC 2020


  Branch: refs/heads/branch-2.13
  Home:   https://github.com/openvswitch/ovs
  Commit: faf6651357678bc04fc8ad7f2e916ad4d3e9aa34
      https://github.com/openvswitch/ovs/commit/faf6651357678bc04fc8ad7f2e916ad4d3e9aa34
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M rhel/openvswitch-fedora.spec.in

  Log Message:
  -----------
  rhel: Fix logrotate group when dpdk is enabled.

Otherwise logrotate will fail to generate the rotated log files.

Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: c38ebe8164089184f00594751d4240ab050b02d9
      https://github.com/openvswitch/ovs/commit/c38ebe8164089184f00594751d4240ab050b02d9
  Author: Flavio Leitner <fbl at sysclose.org>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M Documentation/topics/userspace-tso.rst

  Log Message:
  -----------
  userspace-tso: Document the minimum kernel version.

The kernel needs to be at least 4.19-rc7 to include the commit
9d2f67e43b73 ("net/packet: fix packet drop as of virtio gso")
otherwise the TSO packets are dropped when using raw sockets.

Fixes: 29cf9c1b3b9c ("userspace: Add TCP Segmentation Offload support")
Reported-by: Yi Yang <yangyi01 at inspur.com>
Signed-off-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 90443bc5c61a07907a08ef97469e30dc4d290cec
      https://github.com/openvswitch/ovs/commit/90443bc5c61a07907a08ef97469e30dc4d290cec
  Author: William Tu <u9012063 at gmail.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M lib/classifier.c

  Log Message:
  -----------
  classifier: Fix use of uninitialized value.

Coverity reports use of uninitialized value of cursor.
This happens in cls_cursor_start(), when rule is false,
cursor.subtable is uninitialized. CID 279324.

Signed-off-by: William Tu <u9012063 at gmail.com>
Reviewed-by: Greg Rose <gvrose8192 at gmail.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 183be08223d12284de122151e5b6ee8b73881503
      https://github.com/openvswitch/ovs/commit/183be08223d12284de122151e5b6ee8b73881503
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-15 (Tue, 15 Sep 2020)

  Changed paths:
    M rhel/usr_lib_systemd_system_ovsdb-server.service

  Log Message:
  -----------
  rhel: Fix reload of OVS_USER_ID on startup.

OVS_USER_ID was being picked up from a previously existing
openvswitch.useropts rendering innefective any configuration change
through sysconfig.

There is no ordering between Exec* and Environment* stanzas of systemd,
full Enviroment* is always loaded before each Exec*. We make
sure that openvswitch.useropts is removed in a first Exec so that a
fresh OVS_USER_ID can be picked up from config in successive Exec*.

Fixes: 94e1e8b ("rhel: run ovn with the same user as ovs")
Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
Acked-by: Aaron Conole <aconole at redhat.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 9a6d26ea3037af3976cd8cbec6d5f269427d983b
      https://github.com/openvswitch/ovs/commit/9a6d26ea3037af3976cd8cbec6d5f269427d983b
  Author: Jaime Caamaño Ruiz <jcaamano at suse.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M NEWS
    M lib/netdev-dpdk.c

  Log Message:
  -----------
  netdev-dpdk: Don't set rx mq mode for net_virtio.

Since DPDK 19.11 [1], it is not allowed to set any RX mq mode for virtio
driver.

[1] https://github.com/DPDK/dpdk/commit/13b3137f3b7c8f866947a9b34e06a8aec0d084f7

Signed-off-by: Jaime Caamaño Ruiz <jcaamano at suse.com>
Acked-by: Flavio Leitner <fbl at sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 0cb432954ac6e36bc89376ce9af8d6a287a2e971
      https://github.com/openvswitch/ovs/commit/0cb432954ac6e36bc89376ce9af8d6a287a2e971
  Author: Yi-Hung Wei <yihung.wei at gmail.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M selinux/openvswitch-custom.te.in

  Log Message:
  -----------
  selinux: Add missing permissions for ovs-kmod-ctl.

On RHEL 8,  a SELinux policy is missing when ovs-kmod-ctl use modprobe
to load kernel modules.  This patch adds the missing permissions based
on /var/log/audit/audit.log

Example log of the AVC violations:
  type=AVC msg=audit(1599075387.136:65): avc:  denied  { read } for
  pid=1472 comm="modprobe" name="modules.alias.bin" dev="dm-0" ino=586629
  scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=system_u:object_r:modules_dep_t:s0 tclass=file permissive=0

  type=AVC msg=audit(1599085253.148:45): avc:  denied  { open } for pid=1355
  comm="modprobe" path="/usr/lib/modules/4.18.0-193.el8.x86_64/modules.dep.bin"
  dev="dm-0" ino=624258 scontext=system_u:system_r:openvswitch_load_module_t:s0
  tcontext=unconfined_u:object_r:modules_dep_t:s0 tclass=file permissive=0

VMWare-BZ: #2633569
Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Acked-by: Greg Rose <gvrose8192 at gmail.com>
Acked-by: Ansis Atteka <aatteka at ovn.org>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


  Commit: 610dfdc63d5b6a07227cd78341eb1dcd2be3ec63
      https://github.com/openvswitch/ovs/commit/610dfdc63d5b6a07227cd78341eb1dcd2be3ec63
  Author: Ilya Maximets <i.maximets at ovn.org>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M .cirrus.yml

  Log Message:
  -----------
  cirrus: Use FreeBSD 11.4.

Support cycle of 11.3 ends in the end of September 2020,
so we need to upgrade.

Signed-off-by: Ilya Maximets <i.maximets at ovn.org>
Acked-by: Aaron Conole <aconole at redhat.com>


  Commit: 3c2b1915d21c809e93f3557b8c86b47e7a53c304
      https://github.com/openvswitch/ovs/commit/3c2b1915d21c809e93f3557b8c86b47e7a53c304
  Author: Boleslaw Tokarski <boleslaw.tokarski at jollamobile.com>
  Date:   2020-09-16 (Wed, 16 Sep 2020)

  Changed paths:
    M NEWS
    M ipsec/ovs-monitor-ipsec.in

  Log Message:
  -----------
  ipsec: Fix Strongswan configuration syntax.

Strongswan seems to have .opt files in the source tree with the dotted
option syntax. It seems that up until version 5.6, the syntax was also
accepted by Strongswan.

However, the .opt files are converted to .conf files during Strongswan
build, and the dotted syntax is no longer accepted by Strongswan (tested
on 5.8.2).

The effect was that the ovs ipsec monitor fails to start Strongswan,
since that complains with:
/etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]

This commit fixes the configuration file provided to Strongswan to .conf
syntax.

Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski at jollamobile.com>
Signed-off-by: Ilya Maximets <i.maximets at ovn.org>


Compare: https://github.com/openvswitch/ovs/compare/4d6846d4d8f6...3c2b1915d21c


More information about the git mailing list