On Wed, Jul 18, 2012 at 07:01:42AM -0700, Ben Pfaff wrote:
> On Wed, Jul 18, 2012 at 10:00:49AM +0200, Bastian Blank wrote:
> > On Tue, Jul 17, 2012 at 09:31:44AM -0700, Ben Pfaff wrote:
> > > On Tue, Jul 17, 2012 at 03:20:40PM +0200, Bastian Blank wrote:
> > > > openvswitch uses a db called /etc/openvswitch/conf.db. This file is
> > > > programmatic modified and not user editable. This violates §10.7 of the
> > > > policy.
> > > Can you be more specific? 10.7.1 defines a configuration file as:
> > >
> > >     A file that affects the operation of a program, or provides site-
> > >     or host-specific information, or otherwise customizes the behavior
> > >     of a program. Typically, configuration files are intended to be
> > >     modified by the system administrator (if needed or desired) to
> > >     conform to local policy or to provide more useful site-specific
> > >     behavior.
> >
> > This lacks the reference to FHS, which is a normative part of the
> > policy:
> >
> > | The /etc hierarchy contains configuration files. A "configuration file"
> > | is a local file used to control the operation of a program; it must be
> > | static and cannot be an executable binary.
> >
> > > /etc/openvswitch/conf.db fits that description. The first sentence is
> > > obviously true.
> >
> > No. It is no configuration file if it is not static.
>
> The FHS defines "static" as:
>
>     "Static" files include binaries, libraries, documentation files and
>     other files that do not change without system administrator
>     intervention. "Variable" files are files that are not static.
>
> The system administrator runs ovs-vsctl to change
> /etc/openvswitch/conf.db.
>
> > > The second is also true, since the system
> > > administrator does modify the file.
> >
> > How does modifying this file with an editor work?
>
> It's somewhat challenging, because you have to calculate a sha1sum with
> the sha1sum program, and the format isn't really intended for direct
> human editing. But, as I said before (you dropped the quote), I do not
> see anything in 10.7 that says that the administrator must be able to
> edit a configuration file with a text editor.
>
> > How does it survive read-only /etc?
>
> If you have read-only /etc, then you can't modify your configuration, in
> the same way you can't modify other parts of your configuration.

You haven't responded for a week, do you plan to or should I close this?

Thanks,

Ben.