On Tue, Sep 8, 2015 at 5:37 PM, Ben Pfaff <[email protected]> wrote: > On Tue, Sep 08, 2015 at 05:29:24PM -0700, Ben Pfaff wrote: >> On Thu, Sep 03, 2015 at 04:33:42PM -0700, Andy Zhou wrote: >> > Allow daemon running as root to accept --user option, that accepts >> > "user:group" string as input. Performs sanity check on the input, >> > and store the converted uid and gid. >> > >> > daemon_become_new_user() needs to be called to make the actual >> > switch. >> > >> > Signed-off-by: Andy Zhou <[email protected]> >> >> I might have other comments when I look at the final patch. > > One more concern. I believe that this series of patches makes all > daemons accept --user, but only ovsdb-server actually implements it and > the others just treat it as a no-op. I think that this is a bad idea: a > server should only accept --user if it implements it.
It seems having all daemons accept --user would be a useful feature in the long run. OVSDB happens to be the easiest to add support for since it does not really root privilege to run. Sure, I will work on a way to block this option (and map page) for other daemons. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
