| Message ID | 20180831185243.115867-3-martinxu9.ovs@gmail.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [ovs-dev,v1,1/5] rhel: openvswitch-kmod-fedora.spec.in file bug fix | expand |
On Fri, Aug 31, 2018 at 11:52:41AM -0700, Martin Xu wrote: > Add "--with/without allow_unsupported_modules" flag for rpmbuild. With > this flag on, OVS kmod RPM sets allow_unsupported_modules to 1 if needed > in /etc/modprobe.d/10-unsupported-modules.conf during post-install. > Post-uninstall resets allow_unsupported_modules. Sorry, but I can't find why would anyone be interested in setting allow_unsupported_modules to any value. fbl > Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com> > CC: Greg Rose <gvrose8192@gmail.com> > CC: Markos Chandras <mchandras@suse.de> > --- > rhel/openvswitch-kmod-fedora.spec.in | 15 +++++++++++++++ > 1 file changed, 15 insertions(+) > > diff --git a/rhel/openvswitch-kmod-fedora.spec.in b/rhel/openvswitch-kmod-fedora.spec.in > index 7b5c78606..bf045b585 100644 > --- a/rhel/openvswitch-kmod-fedora.spec.in > +++ b/rhel/openvswitch-kmod-fedora.spec.in > @@ -19,6 +19,9 @@ > #define kernel %{kernel_source} > %{?kversion:%define kernel %kversion} > > +# TODO: add comment > +%bcond_with modprobe_allow_unsupported > + > Name: openvswitch-kmod > Summary: Open vSwitch Kernel Modules > Group: System Environment/Daemons > @@ -80,6 +83,12 @@ install -p -m 0755 rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh \ > rm -rf $RPM_BUILD_ROOT > > %post > +%if %{with modprobe_allow_unsupported} > +if [ -f "/etc/modprobe.d/10-unsupported-modules.conf" ]; then > + sed -i -e "s/allow_unsupported_modules\s\{1,\}0/allow_unsupported_modules 1/g" \ > + /etc/modprobe.d/10-unsupported-modules.conf > +fi > +%endif > current_kernel=$(uname -r) > IFS=. read installed_major installed_minor installed_micro installed_arch \ > installed_build <<<"${current_kernel##*-}" > @@ -103,6 +112,12 @@ fi > > %postun > if [ "$1" = 0 ]; then # Erase, not upgrade > +%if %{with modprobe_allow_unsupported} > +if [ -f "/etc/modprobe.d/10-unsupported-modules.conf" ]; then > + sed -i -e "s/allow_unsupported_modules\s\{1,\}1/allow_unsupported_modules 0/g" \ > + /etc/modprobe.d/10-unsupported-modules.conf > +fi > +%endif > for kname in `ls -d /lib/modules/*` > do > rm -rf $kname/weak-updates/openvswitch > -- > 2.12.3 > > _______________________________________________ > dev mailing list > dev@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
On 03/09/18 19:11, Flavio Leitner wrote: > On Fri, Aug 31, 2018 at 11:52:41AM -0700, Martin Xu wrote: >> Add "--with/without allow_unsupported_modules" flag for rpmbuild. With >> this flag on, OVS kmod RPM sets allow_unsupported_modules to 1 if needed >> in /etc/modprobe.d/10-unsupported-modules.conf during post-install. >> Post-uninstall resets allow_unsupported_modules. > > Sorry, but I can't find why would anyone be interested in setting > allow_unsupported_modules to any value. > > fbl > I think that RPMs should not silently modify this file. This is something that needs to be decided by the user/administrator since it affects the security of the entire system.
On 9/4/2018 6:45 AM, Markos Chandras wrote: > On 03/09/18 19:11, Flavio Leitner wrote: >> On Fri, Aug 31, 2018 at 11:52:41AM -0700, Martin Xu wrote: >>> Add "--with/without allow_unsupported_modules" flag for rpmbuild. With >>> this flag on, OVS kmod RPM sets allow_unsupported_modules to 1 if needed >>> in /etc/modprobe.d/10-unsupported-modules.conf during post-install. >>> Post-uninstall resets allow_unsupported_modules. >> Sorry, but I can't find why would anyone be interested in setting >> allow_unsupported_modules to any value. >> >> fbl >> > I think that RPMs should not silently modify this file. This is > something that needs to be decided by the user/administrator since it > affects the security of the entire system. > Martin and I will take this offline and try to come up with something more acceptable. Thanks Markos! - Greg
diff --git a/rhel/openvswitch-kmod-fedora.spec.in b/rhel/openvswitch-kmod-fedora.spec.in index 7b5c78606..bf045b585 100644 --- a/rhel/openvswitch-kmod-fedora.spec.in +++ b/rhel/openvswitch-kmod-fedora.spec.in @@ -19,6 +19,9 @@ #define kernel %{kernel_source} %{?kversion:%define kernel %kversion} +# TODO: add comment +%bcond_with modprobe_allow_unsupported + Name: openvswitch-kmod Summary: Open vSwitch Kernel Modules Group: System Environment/Daemons @@ -80,6 +83,12 @@ install -p -m 0755 rhel/usr_share_openvswitch_scripts_ovs-kmod-manage.sh \ rm -rf $RPM_BUILD_ROOT %post +%if %{with modprobe_allow_unsupported} +if [ -f "/etc/modprobe.d/10-unsupported-modules.conf" ]; then + sed -i -e "s/allow_unsupported_modules\s\{1,\}0/allow_unsupported_modules 1/g" \ + /etc/modprobe.d/10-unsupported-modules.conf +fi +%endif current_kernel=$(uname -r) IFS=. read installed_major installed_minor installed_micro installed_arch \ installed_build <<<"${current_kernel##*-}" @@ -103,6 +112,12 @@ fi %postun if [ "$1" = 0 ]; then # Erase, not upgrade +%if %{with modprobe_allow_unsupported} +if [ -f "/etc/modprobe.d/10-unsupported-modules.conf" ]; then + sed -i -e "s/allow_unsupported_modules\s\{1,\}1/allow_unsupported_modules 0/g" \ + /etc/modprobe.d/10-unsupported-modules.conf +fi +%endif for kname in `ls -d /lib/modules/*` do rm -rf $kname/weak-updates/openvswitch
Add "--with/without allow_unsupported_modules" flag for rpmbuild. With this flag on, OVS kmod RPM sets allow_unsupported_modules to 1 if needed in /etc/modprobe.d/10-unsupported-modules.conf during post-install. Post-uninstall resets allow_unsupported_modules. Signed-off-by: Martin Xu <martinxu9.ovs@gmail.com> CC: Greg Rose <gvrose8192@gmail.com> CC: Markos Chandras <mchandras@suse.de> --- rhel/openvswitch-kmod-fedora.spec.in | 15 +++++++++++++++ 1 file changed, 15 insertions(+)