Re: [ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root
On Tue, 16 Apr 2019 at 12:36, Ben Pfaff wrote:
>
> On Tue, Apr 16, 2019 at 12:27:59PM -0700, Ansis Atteka wrote:
> > Otherwise, Open vSwitch will fail to start with the following
> > error "libcap-ng is not configured at compile time" when it
> > attempts to downgrade to Open vSwitch user.
> >
> > Also, if packages were built in a way where processes are
> > supposed to be running only as root, then there is no point
> > in creating "openvswitch" user in the first place.
> >
> > Signed-off-by: Ansis Atteka
>
> Acked-by: Ben Pfaff

Thanks, I pushed it.

>
> s/processrs/processes/ in the subject.
>
> Aaron Conole's comments seem reasonable too but I think that they can be
> treated separately.

Agree about this. Will take a look.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root
On Tue, Apr 16, 2019 at 12:27:59PM -0700, Ansis Atteka wrote:
> Otherwise, Open vSwitch will fail to start with the following
> error "libcap-ng is not configured at compile time" when it
> attempts to downgrade to Open vSwitch user.
>
> Also, if packages were built in a way where processes are
> supposed to be running only as root, then there is no point
> in creating "openvswitch" user in the first place.
>
> Signed-off-by: Ansis Atteka

Acked-by: Ben Pfaff

s/processrs/processes/ in the subject.

Aaron Conole's comments seem reasonable too but I think that they can be
treated separately.
[ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root
Otherwise, Open vSwitch will fail to start with the following error "libcap-ng is not configured at compile time" when it attempts to downgrade to Open vSwitch user. Also, if packages were built in a way where processes are supposed to be running only as root, then there is no point in creating "openvswitch" user in the first place. Signed-off-by: Ansis Atteka --- rhel/openvswitch-fedora.spec.in | 8 1 file changed, 8 insertions(+) diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in index c1cd3f4c6..ce728b4f0 100644 --- a/rhel/openvswitch-fedora.spec.in +++ b/rhel/openvswitch-fedora.spec.in @@ -350,6 +350,7 @@ rm -rf $RPM_BUILD_ROOT %endif %pre +%if %{with libcapng} getent group openvswitch >/dev/null || groupadd -r openvswitch getent passwd openvswitch >/dev/null || \ useradd -r -g openvswitch -d / -s /sbin/nologin \ @@ -359,9 +360,11 @@ getent passwd openvswitch >/dev/null || \ getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs usermod -a -G hugetlbfs openvswitch %endif +%endif exit 0 %post +%if %{with libcapng} if [ $1 -eq 1 ]; then sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/openvswitch @@ -376,6 +379,7 @@ if [ $1 -eq 1 ]; then chown -R openvswitch:openvswitch /etc/openvswitch chown -R openvswitch:openvswitch /var/log/openvswitch fi +%endif %if 0%{?systemd_post:1} %systemd_post %{name}.service @@ -445,7 +449,11 @@ fi %endif %files +%if %{with libcapng} %defattr(-,openvswitch,openvswitch) +%else +%defattr(-,root,root) +%endif %dir %{_sysconfdir}/openvswitch %{_sysconfdir}/openvswitch/default.conf %config %ghost %{_sysconfdir}/openvswitch/conf.db -- 2.14.1 ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
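Review bot: In %pre, the new `%if %{with libcapng}` is closed only after the pre-existing `%endif` that follows `usermod -a -G hugetlbfs openvswitch`, so the `getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs` line is now skipped as well when libcapng is off. If the hugetlbfs group is still needed for root-only builds, keep its creation under its own conditional outside the new one and leave only the `usermod` inside; either way, a trailing comment on the two adjacent `%endif` lines would make the nesting clear.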
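Review bot: In %post, the guarded block runs only when `[ $1 -eq 1 ]`, that is on first install, so nothing here handles a host that already has `OVS_USER_ID=` uncommented in /etc/sysconfig/openvswitch and then receives a package built without libcapng. That host would still try to downgrade to the openvswitch user and hit the "libcap-ng is not configured at compile time" error the commit message describes. Consider an `%else` branch that comments `OVS_USER_ID=` back out and resets the logrotate `su` line, or state in the commit message that switching build flavours on an installed system is not supported.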
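Review bot: In %files, the `%else` branch `%defattr(-,root,root)` carries no comment saying why file ownership depends on libcapng. A one-line spec comment above the `%if %{with libcapng}` that ties the owner to the user the daemons run as (openvswitch when privileges can be dropped, root otherwise) would keep this in step with the matching conditionals in %pre and %post.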