> On Aug 26, 2016, at 8:49 AM, Ben Pfaff <b...@ovn.org> wrote: > > On Wed, Aug 10, 2016 at 11:09:13PM -0700, Justin Pettit wrote: >> Signed-off-by: Justin Pettit <jpet...@ovn.org> >> --- >> lib/daemon.man | 2 +- >> lib/daemon.xml | 9 +++++---- >> 2 files changed, 6 insertions(+), 5 deletions(-) >> >> diff --git a/lib/daemon.man b/lib/daemon.man >> index f4e79ac..2855c2d 100644 >> --- a/lib/daemon.man >> +++ b/lib/daemon.man >> @@ -74,7 +74,7 @@ allowed, with current user or group are assumed >> respectively. Only daemons >> started by the root user accepts this argument. >> .IP >> On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES >> -before dropping root privileges. Daemons interact with datapath, >> +before dropping root privileges. Daemons that interact with a datapath, > > Can you also change ovs-vswitchd to \fBovs\-vswitchd\fR here, please: > >> such as ovs-vswitchd, will be granted two additional capabilities, namely >> CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if >> new user is "root".
Done. > Acked-by: Ben Pfaff <b...@ovn.org> Thanks. I'll push this and the next patch with yours and Ryan's acks in a minute. --Justin _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
