Re: [ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
On Tue, 16 Apr 2019 at 12:36, Ben Pfaff wrote:
>
> On Tue, Apr 16, 2019 at 12:27:59PM -0700, Ansis Atteka wrote:
> > Otherwise, Open vSwitch will fail to start with the following
> > error "libcap-ng is not configured at compile time" when it
> > attempts to downgrade to Open vSwitch user.
> >
> > Also, if packages were built in a way where processes are
> > supposed to be running only as root, then there is no point
> > in creating "openvswitch" user in the first place.
> >
> > Signed-off-by: Ansis Atteka 
>
> Acked-by: Ben Pfaff 

Thanks, I pushed it.
>
> s/processrs/processes/ in the subject.
>
> Aaron Conole's comments seem reasonable too but I think that they can be
> treated separately.

Agree about this. Will take a look.
___
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev


Re: [ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ben Pfaff
On Tue, Apr 16, 2019 at 12:27:59PM -0700, Ansis Atteka wrote:
> Otherwise, Open vSwitch will fail to start with the following
> error "libcap-ng is not configured at compile time" when it
> attempts to downgrade to Open vSwitch user.
> 
> Also, if packages were built in a way where processes are
> supposed to be running only as root, then there is no point
> in creating "openvswitch" user in the first place.
> 
> Signed-off-by: Ansis Atteka 

Acked-by: Ben Pfaff 

s/processrs/processes/ in the subject.

Aaron Conole's comments seem reasonable too but I think that they can be
treated separately.


[ovs-dev] [PATCHv2] rhel: if rpms were built without libcapng then let processrs to run as root

2019-04-16 Thread Ansis Atteka
Otherwise, Open vSwitch will fail to start with the following
error "libcap-ng is not configured at compile time" when it
attempts to downgrade to Open vSwitch user.

Also, if packages were built in a way where processes are
supposed to be running only as root, then there is no point
in creating "openvswitch" user in the first place.

Signed-off-by: Ansis Atteka 
---
 rhel/openvswitch-fedora.spec.in | 8 
 1 file changed, 8 insertions(+)

diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index c1cd3f4c6..ce728b4f0 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -350,6 +350,7 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %pre
+%if %{with libcapng}
 getent group openvswitch >/dev/null || groupadd -r openvswitch
 getent passwd openvswitch >/dev/null || \
 useradd -r -g openvswitch -d / -s /sbin/nologin \
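Review bot: the `%if %{with libcapng}` added at the top of `%pre` has no comment explaining why account creation depends on a build option. A short `#` comment above it, saying that a build without libcap-ng cannot switch to the openvswitch user and so runs the daemons as root, would make the privilege trade-off visible to anyone rebuilding the package.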
@@ -359,9 +360,11 @@ getent passwd openvswitch >/dev/null || \
 getent group hugetlbfs >/dev/null || groupadd -r hugetlbfs
 usermod -a -G hugetlbfs openvswitch
 %endif
+%endif
 exit 0
 
 %post
+%if %{with libcapng}
 if [ $1 -eq 1 ]; then
 sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
 sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' 
%{_sysconfdir}/logrotate.d/openvswitch
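Review bot: in `%post` the new `%if %{with libcapng}` wraps the first-install block, so a build without libcapng never touches `OVS_USER_ID` in `/etc/sysconfig/openvswitch`. If a host is upgraded from a libcapng build to one without it, the line uncommented by the earlier `sed` may still be present, and the daemon could then still try to switch user and fail with the error quoted in the commit message. Consider an `%else` branch that comments `OVS_USER_ID=` out again, or note in the commit message that this upgrade path is not handled.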
@@ -376,6 +379,7 @@ if [ $1 -eq 1 ]; then
 chown -R openvswitch:openvswitch /etc/openvswitch
 chown -R openvswitch:openvswitch /var/log/openvswitch
 fi
+%endif
 
 %if 0%{?systemd_post:1}
 %systemd_post %{name}.service
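Review bot: the `chown -R openvswitch:openvswitch` calls on `/etc/openvswitch` and `/var/log/openvswitch` are now skipped without libcapng, but nothing returns those trees to root on a host where an earlier libcapng build already ran them. Daemons running as root would then read configuration and write logs in directories the unprivileged openvswitch account still owns. An `%else` branch that runs `chown -R root:root` on the same two paths would close that gap.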
@@ -445,7 +449,11 @@ fi
 %endif
 
 %files
+%if %{with libcapng}
 %defattr(-,openvswitch,openvswitch)
+%else
+%defattr(-,root,root)
+%endif
 %dir %{_sysconfdir}/openvswitch
 %{_sysconfdir}/openvswitch/default.conf
 %config %ghost %{_sysconfdir}/openvswitch/conf.db
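Review bot: the owner is now selected by `%if`/`%else` in `%files`, while `%pre` and `%post` repeat the same `%{with libcapng}` test around hardcoded `openvswitch` names. Defining the owner once near the top of the spec under that condition (for example a macro with a name such as `ovs_owner`, hypothetical here) and using it in `%defattr` would keep the three sections from drifting apart.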
-- 
2.14.1
