On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz <marcos.schw...@rnp.br> wrote: > Got it fixed. > > The problem was related to not setting the CAP_SYS_ADMIN capability at > daemon-unix.c. Follows the patch below to set the capability and dynamically > extract the group from OVS_USER_ID instead of forcing it to :hugetlbfs. > > diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c > index 839114f3e..3b94164ea 100644 > --- a/lib/daemon-unix.c > +++ b/lib/daemon-unix.c > @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath > OVS_UNUSED) > ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) > || capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); > } > + if (!ret) { > + ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN); > + } > } else { > ret = -1; > } > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > index c6d9aa1b8..94290a847 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch > EnvironmentFile=/etc/openvswitch/default.conf > EnvironmentFile=-/etc/sysconfig/openvswitch > @begin_dpdk@ > -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages > +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail > -1) /dev/hugepages'
I think it's better to avoid using multiple useless forks, shell script parameter expansions are better in this case: ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages' > ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages > @end_dpdk@ > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > > Regards, > > Marcos Schwarz
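Review bot: in the lib/daemon-unix.c hunk, the added `capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN)` sits after the closing brace of the block that adds CAP_NET_ADMIN and CAP_NET_RAW, so every caller of daemon_become_new_user_linux() keeps CAP_SYS_ADMIN, not only the case that needed it. CAP_SYS_ADMIN covers a very wide set of privileged operations, which undoes much of what dropping to a non-root user is meant to achieve. Gate the call on the condition that actually requires it, and add a comment naming the operation that fails without it so a narrower capability or a permission change on the affected resource can be evaluated later.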
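Review bot: in the rhel/usr_lib_systemd_system_ovs-vswitchd.service.in hunk, the new ExecStartPre line assumes OVS_USER_ID always has the form `user:group`; if it holds only a user name, `tail -1` returns that user name and chown is asked to use it as the group. Because the line keeps the leading `-`, a failed chown is ignored and /dev/hugepages silently keeps its previous group. Check that a `:` is present before running chown and quote the expansion; if the parameter-expansion form `$${OVS_USER_ID##*:}` from the reply is adopted, keep the leading `:` in front of it so that chown changes the group rather than the owner.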