On 2/7/23 14:33, Vladislav Odintsov wrote:
> Hi,
>
> sure, no problem.
> Should I do in a separate patch or incorporate into this one?

NEWS entry should typically go together with the change, so you can 'git blame' the NEWS file and find the feature commit. So, in the same patch. Best regards, Ilya Maximets. > >> On 7 Feb 2023, at 15:35, Ilya Maximets <[email protected]> wrote: >> >> On 1/27/23 14:29, Vladislav Odintsov wrote: >>> This patch adds a new ovs-ctl option to pass umask configuration to allow >>> OVS daemons to set requested socket permissions on group. Previous >>> behaviour (if using with systemd service unit) created sockets with 0750 >>> permissions mask (group has no write permission). >>> >>> Write permission for group is reasonable in usecase, where ovs-vswitchd >>> or ovsdb-server runs as a non-privileged user:group (say, >>> openvswitch:openvswitch) and it is needed to access unix socket from >>> process running as another non-privileged user. In this case >>> administrator has to add that user to openvswitch group and can connect >>> to ovs sockets from that user. >>> >>> Previous behaviour (not setting umask) is left as default. >>> >>> Reported-at: >>> https://mail.openvswitch.org/pipermail/ovs-dev/2023-January/401501.html >>> Signed-off-by: Vladislav Odintsov <[email protected]> >>> --- >>> utilities/ovs-ctl.in | 8 ++++++++ >>> 1 file changed, 8 insertions(+) >> >> Hi. Could you, please, also add a NEWS entry for this change? >> Thanks! >> >> Best regards, Ilya Maximets. >> >>> >>> diff --git a/utilities/ovs-ctl.in b/utilities/ovs-ctl.in >>> index e6e07f476..b97d568c6 100644 >>> --- a/utilities/ovs-ctl.in >>> +++ b/utilities/ovs-ctl.in >>> @@ -334,6 +334,7 @@ set_defaults () { >>> SELF_CONFINEMENT=yes >>> MONITOR=yes >>> OVS_USER= >>> + OVS_UMASK= >>> OVSDB_SERVER=yes >>> OVS_VSWITCHD=yes >>> OVSDB_SERVER_PRIORITY=-10 
>>> @@ -415,6 +416,8 @@ Other important options for "start", "restart" and >>> "force-reload-kmod": >>> add given key-value pair to Open_vSwitch external-ids >>> --delete-bridges delete all bridges just before starting ovs-vswitchd >>> --ovs-user="user[:group]" pass the --user flag to ovs daemons >>> + --ovs-umask=XXXX Set umask prior to run OVS daemons. >>> + This is needed to manage socket group permissions. >>> >>> Less important options for "start", "restart" and "force-reload-kmod": >>> --daemon-cwd=DIR set working dir for OVS daemons (default: >>> $DAEMON_CWD) >>> @@ -542,6 +545,11 @@ do >>> ;; >>> esac >>> done >>> + >>> +if [ -n "$OVS_UMASK" ]; then >>> + umask "$OVS_UMASK" >>> +fi >>> + >>> case $command in >>> start) >>> start_ovsdb || exit 1 >> >> _______________________________________________ >> dev mailing list >> [email protected] <mailto:[email protected]> >> https://mail.openvswitch.org/mailman/listinfo/ovs-dev >> <https://mail.openvswitch.org/mailman/listinfo/ovs-dev> > > > Regards, > Vladislav Odintsov > _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
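
Review bot: the help text added for --ovs-umask=XXXX in the usage hunk does not say that the value is an octal mask, nor that leaving the option unset keeps the existing behaviour. The neighbouring --daemon-cwd entry documents its default, so the new entry could do the same. "This is needed to manage socket group permissions" also understates the effect: the script calls umask for the whole process, so the mask applies to every file the daemons create afterwards, not only to sockets, and the help text should say so.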
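
Review bot: in the block added after the option-parsing loop, "$OVS_UMASK" is handed to umask without any validation and the return status is not checked, so a malformed value is not reported as a configuration error by ovs-ctl itself, and a permissive value such as 0000 is accepted silently. Consider rejecting anything that is not an octal mask and failing hard, for example umask "$OVS_UMASK" || exit 1. The block also sits before case $command, so it takes effect for every command, not only the "start", "restart" and "force-reload-kmod" commands under which the help text lists the option.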
