Re: [ovs-dev] [PATCH 0/3][RFC] Implement a chroot for ovsdb-server

On 07/16/2014 08:04 PM, Ben Pfaff wrote: > On Wed, Jul 16, 2014 at 02:53:37PM -0300, Flavio Leitner wrote: >> On Wed, Jul 16, 2014 at 09:56:20AM -0700, Ben Pfaff wrote: >>> On Wed, Jul 16, 2014 at 10:39:17AM -0300, Flavio Leitner wrote: >>> There's more than one way to chroot. Maybe Eric is thinki

[ovs-dev] [PATCH 1/3][RFC] Allow to open the urandom file descriptor in advance

commit 70f2616745100c12004309e794a85bae95764845 Author: Eric Sesterhenn Date: Fri Jul 11 03:53:40 2014 -0500 Allow to open the urandom file descriptor in advance This is just an RFC at the moment, since it leaks one file descriptor per process. Signed-off-by: Eric Sesterhenn

[ovs-dev] [PATCH 3/3][RFC] Implement chrooting for ovsdb-server

commit 9848adf57ce712c941dd41a6bf74a09d4b7e3555 Author: Eric Sesterhenn Date: Fri Jul 11 03:56:08 2014 -0500 Implement chrooting for ovsdb-server This adds the command line options --chroot-dir and --chroot-user to ovsdb-server, which allows to put the process into a chroot

[ovs-dev] [PATCH 0/3][RFC] Implement a chroot for ovsdb-server

this something worthwile pursuing or are there reasons, why chrooting was not already implemented for ovsdb-server? Best Regards, Eric Sesterhenn -- LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649 Geschäftsführer

[ovs-dev] [PATCH 2/3][RFC] Factor the ovsdb-server main loop into a new function

commit b5431b8dcc8e02c335c388afaee4b606d3253204 Author: Eric Sesterhenn Date: Fri Jul 11 03:54:48 2014 -0500 Factor the ovsdb-server main loop into a new function This refactors the ovsdb-server main loop into a new function, which allows to call it from multiple places