On Tue, Mar 27, 2018 at 9:26 AM, Aaron Conole <acon...@redhat.com> wrote:
> Aaron Conole <acon...@redhat.com> writes:
>
>> Currently, regardless of which user is being set as the running user,
>> Open vSwitch daemons on RHEL systems drop capabilities.  This means the
>> very powerful CAP_SYS_ADMIN is dropped, even when the user is 'root'.
>>
>> For the majority of use cases this behavior works, as the user can
>> enable or disable various configurations, regardless of which datapath
>> functions are desired.  However, when using certain DPDK PMDs, the
>> enablement and configuration calls require CAP_SYS_ADMIN.
>>
>> Instead of retaining CAP_SYS_ADMIN in all cases, which would practically
>> nullify the uid/gid and privilege drop, we don't pass the --ovs-user
>> option to the daemons.  This shunts the capability and privilege
>> dropping code.
>>
>> Reported-by: Marcos Felipe Schwarz <marcos.f....@gmail.com>
>> Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2018-January/045955.html
>> Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>> ---
>
> Ping?

Applied to master and branch-2.9.

Please continue to CC me on rhel patches like this that have been
reviewed by someone and you feel are ready to be applied.

Thanks,

-- 
Russell Bryant
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
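
An operator can check which of the cases from the commit message above a running daemon is in by decoding the capability masks in /proc/<pid>/status. The following is an added example, not part of this thread or of Open vSwitch. The status excerpts, mask values and function names are constructed for illustration; the bit number of CAP_SYS_ADMIN (21) is from linux/capability.h.

```python
CAP_SYS_ADMIN = 21  # bit number in linux/capability.h

# Constructed /proc/<pid>/status excerpts (not captured from a real host).
ROOT_FULL = "Name:\tovs-vswitchd\nUid:\t0\t0\t0\t0\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n"
# uid 0, but only a reduced network-related set (bits 10-14) is left.
ROOT_DROPPED = "Name:\tovs-vswitchd\nUid:\t0\t0\t0\t0\nCapPrm:\t0000000000007c00\nCapEff:\t0000000000007c00\n"
# Unprivileged service user (uid 990 is an arbitrary sample value).
USER_DROPPED = "Name:\tovs-vswitchd\nUid:\t990\t990\t990\t990\nCapPrm:\t0000000000007c00\nCapEff:\t0000000000007c00\n"


def parse_status(text):
    """Turn 'Key:<tab>value' lines of a status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def privilege_state(text):
    """Return the effective uid and whether CAP_SYS_ADMIN is effective/permitted."""
    fields = parse_status(text)
    missing = [k for k in ("Uid", "CapEff", "CapPrm") if k not in fields]
    if missing:
        raise ValueError("status text lacks: " + ", ".join(missing))
    euid = int(fields["Uid"].split()[1])  # order: real, effective, saved, fs
    bit = 1 << CAP_SYS_ADMIN
    return {
        "euid": euid,
        "sys_admin_effective": bool(int(fields["CapEff"], 16) & bit),
        "sys_admin_permitted": bool(int(fields["CapPrm"], 16) & bit),
    }


def classify(text):
    """Name the case: capability kept, root with it dropped, or non-root."""
    state = privilege_state(text)
    if state["sys_admin_effective"]:
        return "CAP_SYS_ADMIN retained"
    if state["euid"] == 0:
        return "root with CAP_SYS_ADMIN dropped"
    return "non-root with CAP_SYS_ADMIN dropped"


if __name__ == "__main__":
    for name, sample in (("root/full", ROOT_FULL), ("root/dropped", ROOT_DROPPED),
                         ("user/dropped", USER_DROPPED)):
        print(name, "->", classify(sample))
```

On a live system the input would be the contents of /proc/<pid>/status for the daemon's process ID instead of the constructed strings.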
