On Fri, May 11, 2018 at 01:29:09AM +0000, Ansis Atteka wrote:
> On Fri, 4 May 2018 at 11:28, Aaron Conole <[email protected]> wrote:
>
> > Currently, Open vSwitch on linux embeds the logic of loading and unloading
> > kernel modules into the ovs-ctl and ovs-lib script files. This works, but
> > it means that there is no way to leverage extended filesystem attributes
> > to grant fine grain permissions relating to module loading.
> >
> > The split out utility 'ovs-kmod-ctl' will be used in an upcoming commit
> > for RHEL-based distributions to have a separate transition domain that
> > will allow module loading to be given to a separate selinux domain from
> > the openvswitch_t domain.
>
> One thing I have been thinking about recently is how we could containerize
> Open vSwitch (not sure if that is even possible in feasible way).
>
> The idea would be that there would be, for example, Ubuntu based container
> running OVS user space daemons installed from our deb packages. And the
> "container host" would have Open vSwitch kernel module installed from our
> dkms or kmod rpm packages. (or vice versa).
>
> Such design, I think, inevitably would require something like ovs-kmod-ctl
> utility distributed with the dkms or kmod kernel module package.
>
> This is something that does not require action w.r.t. your series, but I
> would be interested to hear your opinion if you have thought how to make
> that happen...

I'd like to see this happen too.
