Russell Bryant <russ...@ovn.org> writes:

> On Tue, Mar 27, 2018 at 9:26 AM, Aaron Conole <acon...@redhat.com> wrote:
>> Aaron Conole <acon...@redhat.com> writes:
>>
>>> Currently, regardless of which user is being set as the running user,
>>> Open vSwitch daemons on RHEL systems drop capabilities. This means the
>>> very powerful CAP_SYS_ADMIN is dropped, even when the user is 'root'.
>>>
>>> For the majority of use cases this behavior works, as the user can
>>> enable or disable various configurations, regardless of which datapath
>>> functions are desired. However, when using certain DPDK PMDs, the
>>> enablement and configuration calls require CAP_SYS_ADMIN.
>>>
>>> Instead of retaining CAP_SYS_ADMIN in all cases, which would practically
>>> nullify the uid/gid and privilege drop, we don't pass the --ovs-user
>>> option to the daemons. This shunts the capability and privilege
>>> dropping code.
>>>
>>> Reported-by: Marcos Felipe Schwarz <marcos.f....@gmail.com>
>>> Reported-at:
>>> https://mail.openvswitch.org/pipermail/ovs-discuss/2018-January/045955.html
>>> Fixes: e3e738a3d058 ("redhat: allow dpdk to also run as non-root user")
>>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>>> ---
>>
>> Ping?
>
> Applied to master and branch-2.9.
>
> Please continue to CC me on rhel patches like this that have been
> reviewed by someone and you feel are ready to be applied.

Cool, will do. Thanks Russell!

> Thanks,

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
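
The condition the commit message describes, a daemon running as root whose effective capability set no longer includes CAP_SYS_ADMIN, can be checked from the `Uid` and `CapEff` lines of `/proc/<pid>/status`. This is an added example, not part of the thread or of the Open vSwitch code; the status excerpts are constructed, and the function names and verdict strings are hypothetical.

```python
import re

# Capability bit numbers as defined in <linux/capability.h>.
CAP_BITS = {
    "CAP_NET_BIND_SERVICE": 10, "CAP_NET_BROADCAST": 11, "CAP_NET_ADMIN": 12,
    "CAP_NET_RAW": 13, "CAP_IPC_LOCK": 14, "CAP_SYS_ADMIN": 21,
}

def parse_status(text):
    """Return (effective uid, CapEff mask) from /proc/<pid>/status text."""
    # Uid: columns are real, effective, saved, filesystem.
    uid = re.search(r"^Uid:\s+\d+\s+(\d+)", text, re.M)
    cap = re.search(r"^CapEff:\s+([0-9a-fA-F]+)", text, re.M)
    if not uid or not cap:
        raise ValueError("status text lacks a Uid or CapEff line")
    return int(uid.group(1)), int(cap.group(1), 16)

def held(mask):
    """Names of the tracked capabilities set in the mask."""
    return sorted(name for name, bit in CAP_BITS.items() if mask >> bit & 1)

def assess(text):
    euid, mask = parse_status(text)
    has_admin = bool(mask >> CAP_BITS["CAP_SYS_ADMIN"] & 1)
    if euid == 0 and not has_admin:
        verdict = "root-without-sys-admin"   # root, but capabilities were dropped
    elif euid != 0 and has_admin:
        verdict = "non-root-with-sys-admin"  # uid drop kept the powerful capability
    else:
        verdict = "consistent"
    return {"euid": euid, "caps": held(mask), "verdict": verdict}

# Constructed status excerpts (not captured from a real system).
ROOT_DROPPED = "Name:\tovs-vswitchd\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000007c00\n"
ROOT_FULL = "Name:\tovs-vswitchd\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n"
NONROOT_DROPPED = "Name:\tovs-vswitchd\nUid:\t990\t990\t990\t990\nCapEff:\t0000000000007c00\n"

if __name__ == "__main__":
    for label, sample in [("root, dropped", ROOT_DROPPED), ("root, full", ROOT_FULL),
                          ("non-root, dropped", NONROOT_DROPPED)]:
        print(label, assess(sample))
```

On a live host, pass the contents of `/proc/<pid>/status` for the daemon's PID to `assess()`.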