On 2/15/23 22:20, Vladislav Odintsov wrote:
> Hi Ilya,
> 
> That's my bad - they were the initial names of options, which I renamed later 
> and missed this place before sending a patch.
> I’m absolutely fine with proposed change. Please fold it while applying the 
> patch.

Thanks, Vladislav and Eelco!
I updated the NEWS and applied the change.

Best regards, Ilya Maximets.

> 
> Thanks.
> 
> regards,
> Vladislav Odintsov
> 
>> On 15 Feb 2023, at 22:25, Ilya Maximets <i.maxim...@ovn.org> wrote:
>>
>> On 2/10/23 17:02, Vladislav Odintsov wrote:
>>> This patch adds new ovs-ctl options to pass umask configuration to allow
>>> OVS daemons to set requested socket permissions on group.  Previous
>>> behaviour (if using with systemd service unit) created sockets with 0750
>>> permissions mask (group has no write permission).
>>>
>>> Write permission for group is reasonable in use case, where ovs-vswitchd
>>> or ovsdb-server runs as a non-privileged user:group (say,
>>> openvswitch:openvswitch) and it is needed to access unix socket from
>>> process running as another non-privileged user.  In this case
>>> administrator has to add that user to openvswitch group and can connect
>>> to OVS sockets from a process running under that user.
>>>
>>> Two new ovs-ctl options --ovsdb-server-umask and --ovs-vswitchd-umask
>>> were added to manage umask values for appropriate daemons.  This is
>>> useful for systemd users: both ovs-vswitchd and ovsdb-server systemd
>>> units read options from single /etc/sysconfig/openvswitch configuration
>>> file.  So, with separate options it is possible to set umask only for
>>> specific daemon.
>>>
>>> OPTIONS="--ovsdb-server-umask=0002"
>>>
>>> in /etc/openvswitch/sysconfig file will set umask to 0002 value before
>>> starting only ovsdb-server, while
>>>
>>> OPTIONS="--ovs-vswitchd-umask=0002"
>>>
>>> will set umask to ovs-vswitchd daemon.
>>>
>>> Previous behaviour (not setting umask) is left as default.
>>>
>>> Reported-at: 
>>> https://mail.openvswitch.org/pipermail/ovs-dev/2023-January/401501.html
>>> Signed-off-by: Vladislav Odintsov <odiv...@gmail.com>
>>>
>>> ---
>>> v2 -> v3:
>>>  - addressed Eelco's review comments.
>>>
>>> v1 -> v2:
>>>  - added item in NEWS file as Ilya's suggestion;
>>>  - addressed Eelco's review comments;
>>>  - moved umask call from ovs-ctl to ovs-lib;
>>>  - added restoration of umask to effective value before the umask change;
>>>  - previous version --ovs-umask option was split into two:
>>>    --ovs-vswitchd-umask and --ovsdb-server-umask in order to make
>>>    possible umask configuration for specific daemon when running with
>>>    systemd.
>>> ---
>>> NEWS                 |  7 +++++++
>>> utilities/ovs-ctl.in | 16 ++++++++++++----
>>> utilities/ovs-lib.in | 17 ++++++++++++++---
>>> 3 files changed, 33 insertions(+), 7 deletions(-)
>>>
>>> diff --git a/NEWS b/NEWS
>>> index fe6055a27..f7df598bd 100644
>>> --- a/NEWS
>>> +++ b/NEWS
>>> @@ -4,6 +4,13 @@ Post-v3.1.0
>>>      * OVS now collects per-interface upcall statistics that can be obtained
>>>        via 'ovs-appctl dpctl/show -s' or the interface's statistics column
>>>        in OVSDB.  Available with upstream kernel 6.2+.
>>> +   - ovs-ctl:
>>> +     * Added support to set umask value when starting OVS daemons.  New 
>>> options
>>> +       --ovsdb-server-umask=MODE and --ovs-vswitchd-umask=MODE were added 
>>> for
>>> +       that.  For instance, when write access on befalf of OVS group is 
>>> needed
>>> +       for ovsdb-server, pass --ovsdb-umask=0002.  Use --vswitchd-umask to 
>>> set
>>> +       umask ovs-vswitchd daemon umask.  This will allow ovsdb-server or
>>> +       ovs-vswitchd to create sockets with access mode of 0770.
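
Review bot: the example in the new ovs-ctl NEWS entry names --ovsdb-umask and --vswitchd-umask, which do not match the options the same entry introduces two sentences earlier (--ovsdb-server-umask=MODE and --ovs-vswitchd-umask=MODE); use the full option names in the example so readers copy the names the entry itself announces. In the same entry, "befalf" should be "behalf", and "set umask ovs-vswitchd daemon umask" repeats "umask"; something like "Use --ovs-vswitchd-umask to set the umask for the ovs-vswitchd daemon" reads cleanly.
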
>>
>> The options in the example are incorrect.
>> Also, the text seems slightly too extensive.
>>
>> What do you think about this:
>>
>>   - ovs-ctl:
>>     * Added new options --[ovsdb-server|ovs-vswitchd]-umask=MODE to set umask
>>       value when starting OVS daemons.  E.g., use --ovsdb-server-umask=0002
>>       in order to create OVSDB sockets with access mode of 0770.
>>
>> ?
>>
>> I could fold this in while applying the change.
>>
>> Best regards, Ilya Maximets.

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
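
The set-then-restore umask handling described in the quoted commit message and its v1 -> v2 changelog, as an added sketch that is not the patch's ovs-lib code. The function names are hypothetical, and regular files created with touch stand in for the daemons' sockets, so the resulting modes (664, 640) differ from the socket modes quoted in the thread.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not taken from ovs-ctl or ovs-lib.

# Return 0 if $1 is an octal umask (digits 0-7 only, at most four of them).
valid_umask() {
    case $1 in
        ''|*[!0-7]*) return 1 ;;
    esac
    [ "${#1}" -le 4 ]
}

# Run COMMAND under a temporary umask, then restore the caller's umask so
# that later commands in the same script are not affected.
# Usage: run_with_umask MODE COMMAND [ARGS...]
run_with_umask() {
    rwu_new=$1
    shift
    valid_umask "$rwu_new" || { echo "bad umask: $rwu_new" >&2; return 2; }
    rwu_old=$(umask)
    umask "$rwu_new"
    "$@"
    rwu_rc=$?
    umask "$rwu_old"
    return "$rwu_rc"
}

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed demo: start from a restrictive umask (0027, group cannot
# write), widen it to 0002 for one command only, then confirm that the
# next file is created under the restrictive umask again.
demo() {
    demo_dir=$(mktemp -d) || return 1
    umask 0027
    run_with_umask 0002 touch "$demo_dir/widened"
    touch "$demo_dir/default"
    echo "under 0002:    $(mode_of "$demo_dir/widened")"
    echo "after restore: $(mode_of "$demo_dir/default")"
    echo "umask now:     $(umask)"
    rm -rf "$demo_dir"
}

demo
```
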