On Sep 26, 2016 7:02 PM, wrote:
>
> Hi all ,
>
> I have been trying to test IPSEC over GRE on Centos7.3 . I am able to
test on ubuntu14.04 .
The ovs-monitor-ipsec daemon never was packaged (ie had *.rpm package) for
CentOS. Just for debain/ubuntu.
However, now we just removed debian package as w
tor-ipsec.at
Assuming you were able to build all other debian packages with "fakeroot
debian/rules binary" after removing and editing those files, then
Acked-by: Ansis Atteka
Let me know, if you want me to independently verify that as well?
>
>
> diff --git a/NEWS b/NEWS
>
switch.xml b/vswitchd/vswitch.xml
> index e73023d..6381cc8 100644
> --- a/vswitchd/vswitch.xml
> +++ b/vswitchd/vswitch.xml
> @@ -2008,6 +2008,9 @@
>
> An Ethernet over RFC 2890 Generic Routing Encapsulation over
> IPv4/IPv6
> IPsec tun
On Fri, Sep 23, 2016 at 1:12 AM, pravin shelar wrote:
> On Thu, Sep 22, 2016 at 11:59 AM, Ansis Atteka wrote:
>>
>>
>> On 20 September 2016 at 20:52, Pravin B Shelar wrote:
>>>
>>> OVS IPsec tunnel support has issues:
>>> 1. It only works for GRE
restorecon' is unavailable, this should be a no-op.
>
> VMware-BZ: #1732672
>
> Signed-off-by: Joe Stringer
> Acked-by: Ansis Atteka
>
Thanks for taking care of this. I just did a basic test and I think your V2
patch is a good enhancement.
> ---
> v2: Only restore context
restorecon' is unavailable, this should be a no-op.
>
> VMware-BZ: #1732672
>
> Signed-off-by: Joe Stringer
Acked-by: Ansis Atteka
I could give Tested-by, but only in 12 hours, if you are willing to wait.
One thing that caught my attention is that "restorecon -R /" may t
On 20 September 2016 at 20:52, Pravin B Shelar wrote:
> OVS IPsec tunnel support has issues:
> 1. It only works for GRE.
2. only works on Debian.
3. It does not allow user to match on packet-mark
>on packet received on tunnel ports.
> Therefore following patch provide alternative to com
On 30 August 2016 at 02:21, Jesse Gross wrote:
> On Mon, Aug 29, 2016 at 11:57 AM, Ansis Atteka wrote:
> > If ipsec_gre tunnel configuration is changed in OVSDB,
> > then GRE packets may sometimes exit unencrypted until
> > per-tunnel IPsec policies are installed by ovs-mon
)
Signed-off-by: Ansis Atteka
Reported-by: Steffen Birkeland
---
debian/control | 1 +
debian/ovs-monitor-ipsec | 16 ++--
tests/ofproto-macros.at | 7 +++
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/debian/control b/debian/control
index 480ff5c
On Jul 21, 2016 2:08 PM, "Jarno Rajahalme" wrote:
>
> Looks good to me:
>
> Acked-by: Jarno Rajahalme
>
Thanks. Can you also review patch 1/2?
> > On Jul 19, 2016, at 2:25 PM, Ansis Atteka wrote:
> >
> > There are two issues that this patch fixes:
On 14 July 2016 at 02:22, Jarno Rajahalme wrote:
>
> > On Jul 13, 2016, at 9:01 PM, Ansis Atteka wrote:
> >
> > There are two issues that this patch fixes:
> > 1. it was impossible to set skb mark at all through
> > NXM_NX_PKT_MARK register for tunnel pack
patch also adds anti-regression tests to prevent such
breakages in the future.
Signed-off-by: Ansis Atteka
VMware-BZ: #1653178
---
ofproto/tunnel.c | 3 +-
tests/tunnel.at | 120 +++
2 files changed, 122 insertions(+), 1 deletion(-)
di
This OVS_MONITOR_IPSEC_START macro will be helpful in the next
patch where it will be used also from tests/tunnel.at file to test
that skb marking happens correctly. Otherwise, without ovs-monitor-ipsec
running the ovs-vswitchd would refuse to configure ipsec_XXX tunnels.
Signed-off-by: Ansis
patch also adds anti-regression tests to prevent such
breakages in the future.
Signed-off-by: Ansis Atteka
VMware-BZ: #1653178
---
ofproto/tunnel.c | 4 +-
tests/tunnel.at | 120 +++
2 files changed, 122 insertions(+), 2 deletions(-)
di
This OVS_MONITOR_IPSEC_START macro will be helpful in the next
patch where it will be used also from tests/tunnel.at file to test
that skb marking happens correctly. Otherwise, without ovs-monitor-ipsec
running the ovs-vswitchd would refuse to configure ipsec_XXX tunnels.
Signed-off-by: Ansis
On Wed, Jul 6, 2016 at 7:24 AM, Aaron Conole wrote:
> Aaron Conole writes:
>
>> Daniele Di Proietto writes:
>>
>>> On 10/06/2016 10:51, "Aaron Conole" wrote:
>>>
Aaron Conole writes:
> Christian Ehrhardt writes:
>
>> On Tue, May 24, 2016 at 4:10 PM, Aaron Conole wrote:
>
On 29 June 2016 at 18:24, Sairam Venugopal wrote:
> Thanks for fixing this. I just sent out a patch for fixing the same.
>
> Acked-by: Sairam Venugopal
>
Thanks, for review. I pushed it.
Sorry for wasting your cycles on this.
>
>
>
> On 6/29/16, 6:16 PM, "Ans
Patch 81d2f75c (bridge: allow OVS to interact with controller
through sockets outside run dir) broke windows build. This patch
fixes that.
Signed-off-by: Ansis Atteka
---
lib/daemon.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/daemon.h b/lib/daemon.h
index b035055
On 27 June 2016 at 19:52, Jesse Gross wrote:
> On Mon, Jun 27, 2016 at 7:20 PM, Ansis Atteka wrote:
> > Currently Open vSwitch is unable to create or connect to Unix Domain
> > Sockets outside designated 'run' directory, because of fear of potential
> > remote
On 27 June 2016 at 11:37, Jesse Gross wrote:
> On Sat, Jun 25, 2016 at 4:38 PM, Ansis Atteka wrote:
> > diff --git a/lib/daemon.h b/lib/daemon.h
> > index 4990415..742f382 100644
> > --- a/lib/daemon.h
> > +++ b/lib/daemon.h
> [...]
> > +extern bool self_c
to disable self-confinement
for other things like DPDK vhost-user sockets or anything else
that is specifiable in OVSDB with full path.
Signed-off-by: Ansis Atteka
VMware-BZ: #1525857
---
NEWS | 2 ++
lib/daemon-syn.man | 1 +
lib/daemon.c | 22 +
On 22 June 2016 at 15:44, Ben Pfaff wrote:
> On Mon, Jun 20, 2016 at 02:19:40PM -0700, Ansis Atteka wrote:
> > Currently Open vSwitch is unable to create or connect to Unix Domain
> > Sockets outside designated 'run' directory, because of fear of potential
> >
to disable self-confinement
for other things like DPDK vhost-user sockets or anything else
that is specifiable in OVSDB with full path.
Signed-off-by: Ansis Atteka
VMware-BZ: #1525857
---
NEWS | 2 ++
lib/daemon-syn.man | 1 +
lib/daemon.c | 14 ++
lib/daemon
On 24 June 2016 at 13:00, Russell Bryant wrote:
> On Thu, Jun 23, 2016 at 10:04 PM, Ansis Atteka wrote:
>
> > This patch fixes following error:
> >
> > error: Installed (but unpackaged) file(s) found:
> >/usr/bin/ovs-tcpdump
> >/usr/share/man/man8/ov
This patch fixes following error:
error: Installed (but unpackaged) file(s) found:
/usr/bin/ovs-tcpdump
/usr/share/man/man8/ovs-tcpdump.8.gz
Signed-off-by: Ansis Atteka
---
rhel/openvswitch.spec.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rhel/openvswitch.spec.in b/rhel
On 8 June 2016 at 17:17, Ansis Atteka wrote:
>
>
> On 8 June 2016 at 16:45, Ansis Atteka wrote:
>
>>
>>
>> On 8 June 2016 at 14:02, Ben Pfaff wrote:
>>
>>> On Thu, Jun 02, 2016 at 07:47:33PM -0700, Ansis Atteka wrote:
>>> > Before thi
because perhaps OVSDB manager is running on the same host
as OVS.
Signed-off-by: Ansis Atteka
VMware-BZ: #1525857
---
lib/daemon.c | 14 ++
lib/daemon.h | 14 ++
utilities/ovs-ctl.in | 18 +++---
vswitchd/bridge.c| 5 +++--
4 files changed
On 13 June 2016 at 14:36, Aaron Conole wrote:
> Daniele Di Proietto writes:
>
> > On 10/06/2016 10:51, "Aaron Conole" wrote:
> >
> >>Aaron Conole writes:
> >>
> >>> Christian Ehrhardt writes:
> >>>
> On Tue, May 24, 2016 at 4:10 PM, Aaron Conole
> wrote:
>
> > Daniele Di Proiet
On 10 June 2016 at 10:51, Aaron Conole wrote:
> Aaron Conole writes:
>
> > Christian Ehrhardt writes:
> >
> >> On Tue, May 24, 2016 at 4:10 PM, Aaron Conole
> wrote:
> >>
> >>> Daniele Di Proietto writes:
> >>>
> >>> > Hi Aaron,
> >>> >
> >>> > I'm still a little bit nervous about calling cho
On 8 June 2016 at 16:45, Ansis Atteka wrote:
>
>
> On 8 June 2016 at 14:02, Ben Pfaff wrote:
>
>> On Thu, Jun 02, 2016 at 07:47:33PM -0700, Ansis Atteka wrote:
>> > Before this patch OVS refused to connect to a local controller that
>> > had its Unix Do
On 8 June 2016 at 14:02, Ben Pfaff wrote:
> On Thu, Jun 02, 2016 at 07:47:33PM -0700, Ansis Atteka wrote:
> > Before this patch OVS refused to connect to a local controller that
> > had its Unix Domain Socket outside Open vSwitch run directory (e.g.
> > outside
Before this patch OVS refused to connect to a local controller that
had its Unix Domain Socket outside Open vSwitch run directory (e.g.
outside '/var/run/openvswitch/').
After this patch this restriction imposed by Open vSwitch itself is
abandoned and OVS should be able to connect to controller's
On 1 June 2016 at 12:51, Aaron Conole wrote:
> Ansis Atteka writes:
>
> > On 20 May 2016 at 13:32, Aaron Conole wrote:
> >
> >> Currently, when using Open vSwitch with DPDK and qemu guests, the
> >> recommended
> >> method for joining the gu
On 20 May 2016 at 13:32, Aaron Conole wrote:
> Currently, when using Open vSwitch with DPDK and qemu guests, the
> recommended
> method for joining the guests is via the dpdkvhostuser interface. This
> interface uses Unix Domain sockets to communicate. When these sockets are
> created, they inher
On 31 May 2016 at 10:59, Ansis Atteka wrote:
>
>
> On 31 May 2016 at 09:36, Daniel P. Berrange wrote:
>
>> On Mon, May 30, 2016 at 01:27:46PM -0700, Ansis Atteka wrote:
>> > On Mon, May 30, 2016 at 12:29 AM, Christian Ehrhardt
>> > wrote:
>> > &g
On 31 May 2016 at 09:36, Daniel P. Berrange wrote:
> On Mon, May 30, 2016 at 01:27:46PM -0700, Ansis Atteka wrote:
> > On Mon, May 30, 2016 at 12:29 AM, Christian Ehrhardt
> > wrote:
> > > On Tue, May 24, 2016 at 4:10 PM, Aaron Conole
> wrote:
> > >
On Mon, May 30, 2016 at 12:29 AM, Christian Ehrhardt
wrote:
> On Tue, May 24, 2016 at 4:10 PM, Aaron Conole wrote:
>
>> Daniele Di Proietto writes:
>>
>> > Hi Aaron,
>> >
>> > I'm still a little bit nervous about calling chown on a (partially)
>> > user controlled file name.
>>
>> I agree, that
On 6 May 2016 at 07:46, Numan Siddique wrote:
> This patch adds a new OVN action 'dhcp_offer' to support native
> DHCP in OVN.
>
> 'dhcp_offer' takes the DHCP options as input params.
> Eg. dhcp_offer(offerip = 10.0.0.4, router = 10.0.0.1,
>netmask = 255.255.255.0, lease_time = 360
On 29 April 2016 at 09:53, William Tu wrote:
> Looks good to me.
>
>> I had to stop and think a little bit about the ofpact_finish()
>> function's API. It gives freedom to its caller to specify whatever it
>> wants as second 'ofpact' argument. However, at the end of the day
>> ofpact_finish() asse
On 28 April 2016 at 14:13, Joe Stringer wrote:
> When decoding the 'note' action, variable-length data could be pushed to
> a buffer immediately prior to calling ofpact_finish_NOTE(). The
> ofpbuf_put() could cause reallocation, in which case the finish call
> could access freed memory. Fix the is
On Mon, Apr 11, 2016 at 8:27 AM, Gurucharan Shetty wrote:
> The following command on ubuntu 12.04 returns null:
> expr "mtu 1500" : '.*mtu \([0-9]+\)'
>
> But the following works correctly:
> expr "mtu 1500" : '.*mtu \([0-9]\+\)'
>
> I am not sure about the portability implications as there
> seem
On 23 February 2016 at 13:15, Ben Pfaff wrote:
> On Sat, Feb 13, 2016 at 01:56:01PM -0800, Ansis Atteka wrote:
> > Otherwise, "ovs-ctl force-reload-kmod ..." command fails with:
> >
> > Detected internal interfaces: br-int p1[ OK ]
> >
On 22 February 2016 at 20:18, Flavio Leitner wrote:
> On Mon, 15 Feb 2016 17:40:25 -0800
> Ansis Atteka wrote:
>
> > From: Ansis Atteka
> >
> > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > SELinux policy that is too strict
On 16 February 2016 at 07:33, Aaron Conole wrote:
> Thanks for this work, Ansis!
>
> Ansis Atteka writes:
>
> > From: Ansis Atteka
> >
> > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > SELinux policy that is too strict and preven
From: Ansis Atteka
CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
SELinux policy that is too strict and prevents Open vSwitch to work
normally out of the box.
As a solution, this patch introduces a new package which will "loosen"
up "openvswitch_t" SE
Otherwise, "ovs-ctl force-reload-kmod ..." command fails with:
Detected internal interfaces: br-int p1[ OK ]
Saving flows /usr/share/openvswitch/scripts/ovs-ctl:
line 267: /usr/share/openvswitch/scripts/ovs-save: No such file or directory
On 5 February 2016 at 00:53, Aaron Conole wrote:
> Hi Ansis,
>
> Ansis Atteka writes:
> > On 2 February 2016 at 17:56, Daniele Di Proietto >
> > wrote:
> >
> >> If ovs-vswitchd crashes, it will not be able to recreate the same
> >> vhost user p
On 2 February 2016 at 23:33, Serge Hallyn wrote:
> Quoting Ansis Atteka (ansisatt...@gmail.com):
> > On 29 January 2016 at 12:10, Serge Hallyn
> wrote:
> > > Sorry I've not really had anything to add here, I'm just not familiar
> > > enough with the ovs c
On 2 February 2016 at 17:56, Daniele Di Proietto
wrote:
> If ovs-vswitchd crashes, it will not be able to recreate the same
> vhost user ports, since the socket will still be in the file system.
>
> This commit introduces an unlink() before creation to remove an eventual
> preexisting vhost user
On 29 January 2016 at 12:10, Serge Hallyn wrote:
> Quoting Christian Ehrhardt (christian.ehrha...@canonical.com):
> > On Wed, Jan 27, 2016 at 8:26 PM, Ansis Atteka
> wrote:
> >
> > >
> > >
> > > On 27 January 2016 at 02:30, Christian Ehrhardt &l
On Fri, Dec 18, 2015 at 10:27 AM, Aaron Conole wrote:
> The current DPDK vhost socket user and group permissions are derived
> during creation from the DPDK library. This patch adds an action, post
> socket creation, to change the socket permissions and ownership to
> support multi-user systems.
>
On 27 January 2016 at 12:42, Flavio Leitner wrote:
> On Tue, 19 Jan 2016 22:50:26 -0800
> Ansis Atteka wrote:
>
> > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > SELinux policy that is too strict and prevents Open vSwitch to work
> &
On 27 January 2016 at 02:30, Christian Ehrhardt <
christian.ehrha...@canonical.com> wrote:
>
> On Wed, Jan 27, 2016 at 9:29 AM, Ansis Atteka
> wrote:
>
>>
>>
>> On 26 January 2016 at 11:07, Christian Ehrhardt <
>> christian.ehrha...@canonical.com>
E connect(5, AF=1
> "/var/run/openvswitch/vhost-user-1", 35): Permission denied
> $ sudo chown root:kvm /var/run/openvswitch/vhost-user-1
> $ sudo chmod g+w /var/run/openvswitch/vhost-user-1
> srwxrwxr-x 1 root kvm 0 Jan 26 10:47 vhost-user-1=
> $ sudo -u libvirt-qemu s
On 26 January 2016 at 11:06, Aaron Conole wrote:
> I should be on the discuss mailing list. Let me just state a big _YES_ I
> am working on this problem from multiple facets.
> Ansis Atteka writes:
> > Hi,
> >
> >
> > In fact I think we should remove
Hi,
In fact I think we should remove any Discretionary Access Control (--user) and
?implement proper Mandatory Access Control (SELinux and Apparmor) support.
Unless anyone can bring up a good case to keep and/or extend DAC feature in OVS.
The link you posted seems to mention Apparmor as the r
On Thu, Jan 21, 2016 at 2:09 PM, Russell Bryant wrote:
> On 01/20/2016 05:59 PM, Ansis Atteka wrote:
>> CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
>> SELinux policy that is too strict and prevents Open vSwitch to work
>> normally out of the box
On 20 January 2016 at 16:13, Ansis Atteka wrote:
>
>
> On 20 January 2016 at 15:36, Ben Pfaff wrote:
>
>> On Wed, Jan 20, 2016 at 03:34:49PM -0800, Ben Pfaff wrote:
>> > On Wed, Jan 20, 2016 at 02:59:03PM -0800, Ansis Atteka wrote:
>> > > CentOS, RHEL a
On 20 January 2016 at 15:36, Ben Pfaff wrote:
> On Wed, Jan 20, 2016 at 03:34:49PM -0800, Ben Pfaff wrote:
> > On Wed, Jan 20, 2016 at 02:59:03PM -0800, Ansis Atteka wrote:
> > > CentOS, RHEL and Fedora distributions ship with their own Open vSwitch
> > > SELinux po
an package
for Ubuntu, because it works on default Ubuntu installation.
Signed-Off-By: Ansis Atteka
---
INSTALL.SELinux.md | 133 +++
Makefile.am | 2 +
README.md| 2 +
rhel/.gitignore
enied
I did not test all Open vSwitch features so there still could be some
OVS configuration that would get "Permission denied" errors.
Since, Open vSwitch daemons on Ubuntu 15.10 by default run under "unconfined"
SELinux domain, then there is no need to create a similar debia
On 4 January 2016 at 10:18, Ben Pfaff wrote:
> On Mon, Jan 04, 2016 at 09:36:34AM -0800, Ansis Atteka wrote:
> > On Wed, Dec 23, 2015 at 9:41 AM, Ben Pfaff wrote:
> > > I think maybe you misinterpreted what I meant when I said "every
> > > caller". When I s
On Wed, Dec 23, 2015 at 9:41 AM, Ben Pfaff wrote:
> I think maybe you misinterpreted what I meant when I said "every
> caller". When I said that, I meant "every program that invokes
> ovs-vsctl", not the entire call stack.
William came to me to discuss this approach, If we both understood it
cor
On 22 December 2015 at 22:11, Ben Pfaff wrote:
> On Tue, Dec 22, 2015 at 06:41:35PM -0800, Ansis Atteka wrote:
> > Open vSwitch 1.3 and older was creating certificates and private
> > key in /usr/share/openvswitch/pki. However, since PKI directory
> > is mutable, then this
would be, if someone would be upgrading from Open vSwitch
1.3 or older version directly to 2.5 without using any intermediary
upgrade releases.
Signed-Off-By: Ansis Atteka
---
debian/openvswitch-pki.postinst| 8
debian/openvswitch-pki.postrm | 5 -
debian
On 21 December 2015 at 15:46, Ansis Atteka wrote:
>
>
> On 27 November 2015 at 05:35, Flavio Leitner wrote:
>
>> On Fri, Nov 20, 2015 at 03:33:20AM -0800, Andy Zhou wrote:
>> > Make RHEL systemd distributions start OVS and OVN daemons under user
>> > o
On 27 November 2015 at 05:35, Flavio Leitner wrote:
> On Fri, Nov 20, 2015 at 03:33:20AM -0800, Andy Zhou wrote:
> > Make RHEL systemd distributions start OVS and OVN daemons under user
> > ovs. The 'ovs' user and group will be created at the openvswitch RPM
> > installtion time.
> >
>
Hi Flavio.
On 23 October 2015 at 02:09, Babu Shanmugam wrote:
> The DHCP packets can be of two types
> (1) DHCP Discover
> (2) DHCP Request
>
> For (1), the controller should respond with DHCP offer and for (2),
> either DHCP Ack or DHCP Nack should be sent. In this patch, DHCP Nack
> is never sent. In case
> +VLOG_FATAL("Failed to change log file ownership.");
>
I would print errno value here and the file name you are actually trying to
change the ownership for. It would simply provide a hint to the users on
what was actually wrong, if it failed.
VLOG_FATAL("Failed to change %s ownership: %s", log_file_name,
ovs_strerror(errno));
And early return from function if log_file_name is NULL to make code look
better.
+}
> +}
> +
>
Otherwise, Acked-by: Ansis Atteka
Thanks for working on this, Andy.
___
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
On Mon, Nov 9, 2015 at 12:43 PM, Andy Zhou wrote:
> vlog log file can be created when parsing --log-file option, before
> switching user, in case the --user option is also specified. While this
> does not directly cause errors for the running daemons, it can
> leave the log files on the disk looks
On Mon, Nov 9, 2015 at 12:43 PM, Andy Zhou wrote:
> By default, Unix domain sockets are created with file system permission
> mode of 0700. This means that only processes that runs under the same
> user can access this socket.
>
> For OVS, it may be more convenient to control access at the group
>
On 9 November 2015 at 12:43, Andy Zhou wrote:
> A global variable 'switch_user' was used to make sure
> we switch process's current user only once. This logic is now
> simplified by testing for uid directly; if switch process has
> taken place, the current uid will be not be zero.
>
> Signed-off-
On 10 October 2015 at 01:10, Andy Zhou wrote:
> By default, Unix domain sockets are created with file system permission
> mode of 0700. Only the process of the belongs to the same user can
>
How about:
s/Only the process of the belongs to the same user/This means that only
processes that run unde
On 10 October 2015 at 01:07, Andy Zhou wrote:
> vlog log file can be created when parsing --log-file option, before
switch user, in case the --user option is also specified. This
>
this does not read fluently. How about:
s/switch user/switching user?
does not directly causing errors for the r
On Sat, Oct 10, 2015 at 1:07 AM, Andy Zhou wrote:
> Global variable 'switch_user' is no longer needed to make sure
> user switch only happens once per process. Testing for uid directly
> simplifies the logic; if switch process has taken place, then the
> currnet uid can not be zero.
s/currnet/curr
On Tue, Nov 3, 2015 at 4:22 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 04:19:16PM -0800, Ansis Atteka wrote:
>> It is very easy to misuse these macros, because when the COMMAND
>> returns exit code "0" it is actually considered as if condition
>> evaluated to
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Signed-of
On Tue, Nov 3, 2015 at 4:07 PM, Ben Pfaff wrote:
> On Tue, Nov 03, 2015 at 04:04:33PM -0800, Ansis Atteka wrote:
>> It is very easy to misuse these macros, because when the COMMAND
>> returns exit code "0" it is actually considered as if condition
>> evaluated to
It is very easy to misuse these macros, because when the COMMAND
returns exit code "0" it is actually considered as if condition
evaluated to "true" and not "false" as some might think.
This patch ensures that this is clearly reflected in documentation.
Signed-of
On 2 November 2015 at 13:08, Saurabh Mohan
wrote:
> On 10/16/2015 01:55 PM, Saurabh Mohan wrote:
>
>> On 10/16/2015 11:32 AM, Ansis Atteka wrote:
>>
>>> On Thu, Oct 15, 2015 at 4:52 PM, Saurabh Mohan
>>> wrote:
>>>
>>>> On 10/15/2015 01:5
On Thu, Oct 15, 2015 at 4:52 PM, Saurabh Mohan
wrote:
> On 10/15/2015 01:55 PM, Ansis Atteka wrote:
>>
>> On Wed, Oct 14, 2015 at 5:33 PM, Saurabh Mohan
>> wrote:
>>>
>>> On 10/14/2015 04:58 PM, Ansis Atteka wrote:
>>>>
>>
On Wed, Oct 14, 2015 at 5:33 PM, Saurabh Mohan
wrote:
> On 10/14/2015 04:58 PM, Ansis Atteka wrote:
>>
>> On Wed, Oct 14, 2015 at 4:08 PM, Ben Pfaff wrote:
>>>
>>> On Wed, Oct 14, 2015 at 03:28:24PM -0700, Joe Stringer wrote:
>>>>
>&
>> We recently changed it from kernel/ to kernel/updates (prior to v2.4
>> release), and the commit message suggests it was previously
>> nondeterministic:
>>
>> commit b519432205c36bda5c7331f77a49eaaa919967ad
>> Author: Ansis Atteka
>> Date: Tue May
On Wed, Oct 7, 2015 at 8:20 PM, Andy Zhou wrote:
> On Wed, Oct 7, 2015 at 6:49 PM, Ansis Atteka wrote:
>> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
>>
>> Thanks Andy for doing this! I will have another more careful look at
>> this patch tomorrow, because I thi
On Tue, Oct 6, 2015 at 3:22 PM, Russell Bryant wrote:
> On 10/06/2015 08:20 PM, Flavio Leitner wrote:
>> On Sun, Oct 04, 2015 at 03:20:08PM -0700, Ansis Atteka wrote:
>>> Mention:
>>> 1. that these instructions have been tested with Fedora 22.
>>> 2. depen
On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
Thanks Andy for doing this! I will have another more careful look at
this patch tomorrow, because I think I somehow managed to get into a
state where after installing debian packages /etc/openvswitch still
belonged to root.
> Changes to Debian pa
On 5 October 2015 at 18:38, Andy Zhou wrote:
> Add option to ovs-ctl script to specify whether to start the daemons as
> root user or ovs user. The default is 'run-as-root', which preserve
>
s/preserve/preserves
> the scripts' current behavior.
>
s/script/script's
>
> Signed-off-by: Andy Zhou
On 5 October 2015 at 18:38, Andy Zhou wrote:
> Replace hard coded root user and group with OVS_USER and OVS_GROUP.
>
> Signed-off-by: Andy Zhou
> ---
> utilities/ovs-ctl.in | 3 +++
> utilities/ovs-lib.in | 6 +++---
> 2 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/utilities/
On Tue, Oct 6, 2015 at 10:32 AM, Ansis Atteka wrote:
> On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
>> libcap-ng is going to be required to build Debian packages. Daemons
>> will run as the ovs user and group, instead of root, to improve
>> security.
>>
>>
On Mon, Oct 5, 2015 at 6:38 PM, Andy Zhou wrote:
> libcap-ng is going to be required to build Debian packages. Daemons
> will run as the ovs user and group, instead of root, to improve
> security.
>
> Signed-off-by: Andy Zhou
I would also update ./debian/control file corresponding sections.
Basi
On Sun, Oct 4, 2015 at 6:19 PM, Kyle Mestery wrote:
> On Sun, Oct 4, 2015 at 5:20 PM, Ansis Atteka wrote:
>>
>> Mention:
>> 1. that these instructions have been tested with CentOS 7 (which is
>>almost identical distribution to RHEL 7).
>> 2. directory where
On Sun, Oct 4, 2015 at 6:19 PM, Kyle Mestery wrote:
> On Sun, Oct 4, 2015 at 5:20 PM, Ansis Atteka wrote:
>>
>> Mention:
>> 1. that these instructions have been tested with Fedora 22.
>> 2. dependencies that need to be installed on Fedora 22. Otherwise,
>>rp
On Fri, Oct 2, 2015 at 12:52 PM, Andy Zhou wrote:
> On Fri, Oct 2, 2015 at 6:06 AM, Flavio Leitner wrote:
>> On Thu, Oct 01, 2015 at 03:47:12PM -0700, Andy Zhou wrote:
>>> > Our default systemd unit files don't make use of the --user option that
>>> > requires this library, but conceivably someon
default on CentOS by the way).
Signed-off-by: Ansis Atteka
---
rhel/openvswitch.spec.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/rhel/openvswitch.spec.in b/rhel/openvswitch.spec.in
index 0ec65be..4a2076c 100644
--- a/rhel/openvswitch.spec.in
+++ b/rhel/openvswitch.spec.in
@@ -120,6
dy.
4. directory where rpm packages that were just built can be found.
5. mention SElinux implications that could prevent OVS from starting,
if not using designated OVS directories.
Signed-off-by: Ansis Atteka
---
INSTALL.Fedora.md | 33 +++--
1 file changed, 27 inser
directories.
Signed-off-by: Ansis Atteka
---
INSTALL.RHEL.md | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/INSTALL.RHEL.md b/INSTALL.RHEL.md
index 8746bc6..9aefc09 100644
--- a/INSTALL.RHEL.md
+++ b/INSTALL.RHEL.md
@@ -5,7 +5,7 @@ This document describes how to build and
Thanks for review, I pushed this after addressing typos.
On Mon, Sep 21, 2015 at 8:47 AM, Flavio Leitner wrote:
> On Sat, Sep 19, 2015 at 01:22:39PM -0700, Ansis Atteka wrote:
>> It seems that we haven't defined clear process on how features should
>> be removed from OVS. Th
Thanks for review, I pushed this.
On Tue, Sep 29, 2015 at 4:49 PM, Ben Pfaff wrote:
> On Sat, Sep 19, 2015 at 02:14:45PM -0700, Ansis Atteka wrote:
>> On 19 September 2015 at 09:37, Ben Pfaff wrote:
>>
>> > On Fri, Sep 18, 2015 at 04:09:48PM -0700, Ansis Atteka wrote
On Tue, Sep 22, 2015 at 4:21 AM, Thadeu Lima de Souza Cascardo
wrote:
> On Sat, Sep 19, 2015 at 01:22:39PM -0700, Ansis Atteka wrote:
>> It seems that we haven't defined clear process on how features should
>> be removed from OVS. This patch attempts to document this process.
On Mon, Sep 14, 2015 at 3:54 PM, Andy Zhou wrote:
> Common implementation for daemons to support the --user option which
> accepts "user:group" string as input. Performs sanity check on the
> input, and store the converted uid and gid.
>
> daemon_become_new_user() needs to be called to make the ac
1 - 100 of 430 matches
Mail list logo