As far as RPMs are concerned, the system-id.conf file is declared as being owned by openvswitch. At the first ovs startup, ovs-ctl creates this file if none exists, without ensuring that ownership.
We end up with an inconsistency:
$ rpm -V openvswitch
.....UG.. c /etc/openvswitch/system-id.conf

Fix this when ovs-ctl is the one who creates the file.

Note: this issue ends up being hidden after a RPM upgrade, since the openvswitch user is enforced on the whole /etc/openvswitch directory as a %post operation.

Signed-off-by: David Marchand <[email protected]>
---
 utilities/ovs-ctl.in | 2 ++
 utilities/ovs-lib.in | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in
index e42f0f1..3bd8a6d 100644
--- a/utilities/ovs-ctl.in
+++ b/utilities/ovs-ctl.in
@@ -61,8 +61,10 @@ set_system_ids () {
 # Migrate from old file name.
 . "$uuid_file"
 SYSTEM_ID=$INSTALLATION_UUID
+ run_as_ovsuser touch "$id_file"
 echo "$SYSTEM_ID" > "$id_file"
 elif SYSTEM_ID=`uuidgen`; then
+ run_as_ovsuser touch "$id_file"
 echo "$SYSTEM_ID" > "$id_file"
 else
 log_failure_msg "missing uuidgen, could not generate system ID"
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
index 7df672c..9a0af2e 100644
--- a/utilities/ovs-lib.in
+++ b/utilities/ovs-lib.in
@@ -387,17 +387,21 @@ move_ip_routes () {
 done
 }
 
-ovsdb_tool () {
+run_as_ovsuser() {
 if [ "$OVS_USER" != "" ]; then
 local uid=$(id -u "${OVS_USER%:*}")
 local gid=$(id -g "${OVS_USER%:*}")
 local groups=$(id -G "${OVS_USER%:*}" | tr ' ' ',')
- setpriv --reuid "$uid" --regid "$gid" --groups "$groups" ovsdb-tool -vconsole:off "$@"
+ setpriv --reuid "$uid" --regid "$gid" --groups "$groups" "$@"
 else
- ovsdb-tool -vconsole:off "$@"
+ "$@"
 fi
 }
 
+ovsdb_tool () {
+ run_as_ovsuser ovsdb-tool -vconsole:off "$@"
+}
+
 create_db () {
 DB_FILE="$1"
 DB_SCHEMA="$2"
-- 
1.8.3.1

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
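Review bot: The result of `run_as_ovsuser touch "$id_file"` is not checked on either added line in set_system_ids, so if the touch fails the following `echo "$SYSTEM_ID" > "$id_file"` still creates the file with the caller's ownership and the `rpm -V` mismatch described in the commit message returns silently. The redirect itself also still runs with the caller's privileges (presumably root) rather than as the OVS user. Consider doing the write through the helper, e.g. `echo "$SYSTEM_ID" | run_as_ovsuser tee "$id_file" >/dev/null`, or at least `run_as_ovsuser touch "$id_file" || log_failure_msg "could not create $id_file as the OVS user"`. set_system_ids starts and ends outside the hunk.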
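Review bot: In run_as_ovsuser, the `local uid=$(id -u ...)` and `local gid=$(id -g ...)` lines, carried over unchanged from ovsdb_tool, discard the exit status of `id` because `local` returns its own status. Now that the helper runs arbitrary commands, an OVS_USER that does not resolve leaves `uid` and `gid` empty, and the failure surfaces only as whatever setpriv does with empty arguments. Declaring the locals first and returning non-zero when the lookup fails makes that explicit to callers such as the new `touch` in ovs-ctl. A one-line comment above the function noting that an empty OVS_USER runs the command with the caller's privileges would also help.

```shell
run_as_ovsuser() {
    if [ "$OVS_USER" != "" ]; then
        local uid gid groups
        uid=$(id -u "${OVS_USER%:*}") || return 1
        gid=$(id -g "${OVS_USER%:*}") || return 1
        groups=$(id -G "${OVS_USER%:*}" | tr ' ' ',')
        # … unchanged: setpriv call, else branch running "$@" directly …
```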
