On Tue, Feb 02, 2016 at 05:56:34PM -0800, Daniele Di Proietto wrote:
> This effectively stops vswitchd from creating bridges with '/' in the
> name. OVS used to print a warning but the bridge was created anyway.
> 
> This restriction is implemented because the bridge name is part of a
> filesystem path.
> 
> This check is no substitute for Mandatory Access Control, but it
> certainly helps to catch the error early.
> 
> Signed-off-by: Daniele Di Proietto <diproiet...@vmware.com>

Please add a test.  You can take this one:

diff --git a/tests/ovs-vswitchd.at b/tests/ovs-vswitchd.at
index 4245fc4..848daa3 100644
--- a/tests/ovs-vswitchd.at
+++ b/tests/ovs-vswitchd.at
@@ -187,3 +187,33 @@ AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl
 ])
 OVS_VSWITCHD_STOP
 AT_CLEANUP
+
+dnl ----------------------------------------------------------------------
+AT_SETUP([ovs-vswitchd - do not create sockets with unsafe names])
+OVS_VSWITCHD_START
+
+# On Unix systems, test for sockets with "test -S".
+#
+# On Windows systems, we simulate a socket with a regular file that contains
+# a TCP port number, so use "test -f" there instead.
+if test $IS_WIN32 = yes; then
+   S=f
+else
+   S=S
+fi
+
+# Create a bridge with an ordinary name and make sure that the management
+# socket gets creatd.
+AT_CHECK([ovs-vsctl add-br a -- set bridge a datapath-type=dummy])
+AT_CHECK([test -$S a.mgmt])
+
+# Create a bridge with an unsafe name and make sure that the management
+# socket does not get created.
+mkdir b
+AT_CHECK([ovs-vsctl add-br b/c -- set bridge b/c datapath-type=dummy], [0],
+  [], [ovs-vsctl: Error detected while setting up 'b/c'.  See ovs-vswitchd log 
for details.
+])
+AT_CHECK([test ! -e b/c.mgmt])
+
+OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d'])
+AT_CLEANUP
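Review bot: In the expected stderr of the `add-br b/c` check, the message is wrapped after "See ovs-vswitchd log", so "for details." lands on a line with no `+` prefix and the hunk is corrupt as posted; rejoin those two lines into one before applying. The comment above the first check has a typo ("creatd"). `test $IS_WIN32 = yes` leaves the variable unquoted, so an empty or unset IS_WIN32 makes `test` report an error instead of evaluating to a clean false; `test "$IS_WIN32" = yes` avoids that. The test asserts only that b/c.mgmt is absent, while the commit message says the bridge itself is no longer created, so consider also asserting that no bridge named b/c was set up.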