On Fri, Aug 4, 2017 at 2:31 PM, Russell Bryant <russ...@ovn.org> wrote:
> On Fri, Aug 4, 2017 at 1:00 PM, Aaron Conole <acon...@redhat.com> wrote:
>> Under rpm based distributions, the only user:group that the rhel daemons run
>> as is 'root:root'.  This is fine as a default, but as part of a security
>> procedure, users may want to run as an alternate uid/gid.  This commit
>> adds an OVS_USER_ID environment variable for systemd, which defaults to
>> root:root, but can be overridden by changing the /etc/sysconfig/openvswitch
>> environment file.
>>
>> Acked-by: Markos Chandras <mchand...@suse.de>
>> Signed-off-by: Aaron Conole <acon...@redhat.com>
>> ---
>>  rhel/automake.mk                                              | 1 +
>>  rhel/etc_openvswitch_default.conf                             | 5 +++++
>>  rhel/openvswitch-fedora.spec.in                               | 4 ++++
>>  rhel/usr_lib_systemd_system_ovs-vswitchd.service              | 3 +++
>>  rhel/usr_lib_systemd_system_ovsdb-server.service              | 3 +++
>>  rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template | 3 +++
>>  6 files changed, 19 insertions(+)
>>  create mode 100644 rhel/etc_openvswitch_default.conf
>
>
>> diff --git a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template 
>> b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
>> index 3050a07..fdaee00 100644
>> --- a/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
>> +++ b/rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template
>> @@ -21,3 +21,6 @@
>>  #   --ovsdb-server-wrapper=valgrind
>>  #
>>  OPTIONS=""
>> +
>> +# Uncomment and set the OVS User/Group value
>> +#OVS_USER_ID="openvswitch:openvswitch"
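
Review bot: The comment above the added `#OVS_USER_ID="openvswitch:openvswitch"` line does not say what the daemons run as when the line stays commented out, or what format the value takes. The commit message gives the default as root:root, so state that here and name the format, for example `# Format is user:group; when unset the daemons run as root:root`. Since `OPTIONS=""` sits directly above in the same file, it would also help to say how this variable relates to passing --ovs-user through OPTIONS, so an administrator does not set both.
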
>
> Is this really needed?  How about just documenting the use of
> --ovs-user with OPTIONS above?

Never mind, I see how else this is being used once I read the next patch ...

-- 
Russell Bryant
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
