[ovs-dev] [PATCH RFC 3/3] manager: Allow change to punix socket file group ownership.

[Alex Wang]

This commit adds a new key-value pair, 'punix_file_group=<user group>',
to the 'other_config' column in the 'Manager' table.  This new config
allows user to change the punix socket file's group ownership, so that
non-root process can also connect to ovsdb-server.

Signed-off-by: Alex Wang <al...@nicira.com>
---
 ovsdb/jsonrpc-server.c |    6 ++++++
 ovsdb/jsonrpc-server.h |    1 +
 ovsdb/ovsdb-server.c   |    2 ++
 vswitchd/vswitch.xml   |   16 ++++++++++++++++
 4 files changed, 25 insertions(+)

diff --git a/ovsdb/jsonrpc-server.c b/ovsdb/jsonrpc-server.c
index fffcb73..387a7a0 100644
--- a/ovsdb/jsonrpc-server.c
+++ b/ovsdb/jsonrpc-server.c
@@ -32,6 +32,7 @@
 #include "row.h"
 #include "server.h"
 #include "simap.h"
+#include "socket-util.h"
 #include "stream.h"
 #include "table.h"
 #include "timeval.h"
@@ -227,6 +228,11 @@ ovsdb_jsonrpc_server_set_remotes(struct 
ovsdb_jsonrpc_server *svr,
         }
 
         ovsdb_jsonrpc_session_set_all_options(remote, options);
+
+        if (!strncmp(node->name, "punix:", 6)) {
+            unix_socket_set_file_group(node->name + 6,
+                                       options->punix_file_group);
+        }
     }
 }
 
diff --git a/ovsdb/jsonrpc-server.h b/ovsdb/jsonrpc-server.h
index fce8b7b..36a15f3 100644
--- a/ovsdb/jsonrpc-server.h
+++ b/ovsdb/jsonrpc-server.h
@@ -35,6 +35,7 @@ struct ovsdb_jsonrpc_options {
     int max_backoff;            /* Maximum reconnection backoff, in msec. */
     int probe_interval;         /* Max idle time before probing, in msec. */
     int dscp;                   /* Dscp value for manager connections */
+    const char *punix_file_group; /* For setting the punix file's group. */
 };
 struct ovsdb_jsonrpc_options *
 ovsdb_jsonrpc_default_options(const char *target);
diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c
index cd13b0d..8dca006 100644
--- a/ovsdb/ovsdb-server.c
+++ b/ovsdb/ovsdb-server.c
@@ -770,6 +770,8 @@ add_manager_options(struct shash *remotes, const struct 
ovsdb_row *row)
             options->dscp = dscp;
         }
     }
+    options->punix_file_group = read_map_string_column(row, "other_config",
+                                                       "punix_file_group");
 }
 
 static void
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 6f6e0ed..ae7abfb 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -4286,6 +4286,22 @@
         default value of 48 is chosen.  Valid DSCP values must be in the range
         0 to 63.
       </column>
+
+      <column name="other_config" key="punix_file_group"
+                type='{"type": "string"}'>
+        <p>
+          When connection method in <ref column="target"/> is
+          <code>punix</code>, this config specifies the user group to which
+          the group ownership for 'punix' (unix domain socket) file created
+          by ovsdb will be applied.  Also, the file's access permission will be
+          changed to '0770'.
+        </p>
+        <p>
+          By default, the 'punix' file is associated with the 'root'
+          group and have access permission '0700'.  If this config is
+          not specified or specified as 'root', the default is restored.
+        </p>
+      </column>
     </group>
 
     <group title="Common Columns">
-- 
1.7.9.5

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev