From patchwork Wed Sep 23 00:51:15 2015
X-Patchwork-Submitter: Andy Zhou
X-Patchwork-Id: 521524
From: Andy Zhou
To: dev@openvswitch.org
Date: Tue, 22 Sep 2015 17:51:15 -0700
Message-Id: <1442969477-11026-6-git-send-email-azhou@nicira.com>
In-Reply-To: <1442969477-11026-1-git-send-email-azhou@nicira.com>
References: <1442969477-11026-1-git-send-email-azhou@nicira.com>
Subject: [ovs-dev] [PATCH 6/8] ovs-dev.py: run operational commands as root

Switch operational commands, run, kill, reset and modinst, directly or indirectly read and write files within the RUNDIR. Currently these commands run in the current user context, with some "sudo" commands thrown in to ensure daemons such as ovs-vswitchd will be launched as root. This approach works fine as long as ovs-dev.py is always run as root (but then the 'sudo' commands added are redundant). When invoking ovs-dev.py as non-root, files in RUNDIR will be a mix of root-created files and non-root-created files, making it confusing to decide whether to run ovs-appctl as root or not. Multiple invocations of ovs-dev.py as root or non-root cause permission issues since the same file created by a different user may no longer be accessible when the user changes.

This patch improves the situation by always running those four operational commands as root. When they are invoked as non-root, "sudo" will be used automatically by re-running the command with sudo. VARDIR will now always be accessed as root.

The next patch will add --user and -u option to allow for downgrading to running all daemons as non-root.

Signed-off-by: Andy Zhou
Acked-by: Joe Stringer
--- utilities/ovs-dev.py | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py index 82d946d..68c9a42 100755 --- a/utilities/ovs-dev.py +++ b/utilities/ovs-dev.py @@ -55,6 +55,11 @@ def uname(): return _sh("uname", "-r", capture=True)[0].strip() +def sudo(): + if os.geteuid() != 0: + _sh(" ".join(["sudo"] + sys.argv), check=True) + sys.exit(0) + def conf(): tag() @@ -186,15 +191,17 @@ commands.append(tag) def kill(): + sudo() for proc in ["ovs-vswitchd", "ovsdb-server"]: if os.path.exists("%s/run/openvswitch/%s.pid" % (VARDIR, proc)): _sh("ovs-appctl", "-t", proc, "exit", check=False) time.sleep(.1) - _sh("sudo", "killall", "-q", "-2", proc, check=False) + _sh("killall", "-q", "-2", proc, check=False) commands.append(kill) def reset(): + sudo() kill() if os.path.exists(VARDIR): shutil.rmtree(VARDIR) @@ -202,8 +209,8 @@ def reset(): _sh("ovs-dpctl", "del-dp", dp.strip()) commands.append(reset) - def run(): + sudo() kill() for d in ["log", "run"]: d = "%s/%s" % (VARDIR, d) @@ -257,7 +264,6 @@ def run(): "--suppressions=%s/tests/glibc.supp" % OVS_SRC, "--suppressions=%s/tests/openssl.supp" % OVS_SRC] + cmd else: - cmd = ["sudo"] + cmd opts = opts + ["-vconsole:off", "--detach", "--enable-dummy"] _sh(*(cmd + opts)) commands.append(run) @@ -268,6 +274,7 @@ def modinst(): print "Missing modules directory. Is this a Linux system?" sys.exit(1) + sudo() try: _sh("rmmod", "openvswitch") except subprocess.CalledProcessError, e: 
@@ -341,6 +348,10 @@ Commands: modinst - Build ovs and install the kernel module. env - Print the required path environment variable. doc - Print this message. + +Note: + If running as non-root user, "kill", "reset", "run" and "modinst" + will always run as the root user, by rerun the commands with "sudo". """ % {"ovs": OVS_SRC, "v": sys.argv[0], "run": VARDIR} sys.exit(0) commands.append(doc)
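
Review bot: in the new sudo() helper (hunk @@ -55,6 +55,11), sys.argv is flattened with " ".join(...) into a single string before being handed to _sh, while every other call site in this patch passes arguments separately (for example _sh("killall", "-q", "-2", proc, check=False)). Depending on how _sh treats a single string, any argument containing spaces or shell metacharacters is re-split or re-interpreted on its way to a root process. Passing the list through unchanged, _sh(*(["sudo"] + sys.argv), check=True), keeps the original argument boundaries. The unconditional sys.exit(0) that follows also relies on check=True raising on failure; a comment saying so, or propagating the child's return code, would make the exit status explicit.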
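
Review bot: in reset() (hunk @@ -186,15 +191,17), adding sudo() at the top means the existing shutil.rmtree(VARDIR) in the context lines now runs with root privileges, and nothing in the hunk constrains what VARDIR points to. The print statement and "except ..., e" syntax elsewhere in the patch show this is Python 2, whose shutil.rmtree does not guard against a symlink being swapped in during traversal, so a VARDIR under a user-writable tree becomes a root-level recursive delete of whatever it resolves to. Worth checking that VARDIR is an absolute path owned by the expected user and is not a symlink before removing it, or dropping privileges for the delete. The nested sudo() call reached through kill() is a no-op once the euid is 0, which could be noted in a comment.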
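
Review bot: in modinst() (hunk @@ -268,6 +274,7), sudo() re-executes the whole command line, so everything modinst does runs as root, not just the rmmod that follows the call. The help text in the last hunk describes modinst as "Build ovs and install the kernel module", which means the build step would also run as root and leave root-owned artifacts in the build tree, the same mixed-ownership problem the commit message describes for RUNDIR. Consider keeping the build unprivileged and elevating only the module removal and insertion, or documenting why the full command needs root.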
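
Review bot: the added help text in the doc hunk (@@ -341,6 +348,10) reads 'by rerun the commands with "sudo"', which should be 'by re-running the command with "sudo"'. Since this is the only user-facing notice that four commands escalate on their own, it would help to say that a sudo password prompt may appear and that files under %(run)s will be owned by root afterwards.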