From patchwork Thu Aug 11 06:09:13 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Justin Pettit X-Patchwork-Id: 661587 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from archives.nicira.com (archives.nicira.com [96.126.127.54]) by ozlabs.org (Postfix) with ESMTP id 3sJ2M44cTGz9sBM for ; Tue, 23 Aug 2016 04:35:44 +1000 (AEST) Received: from archives.nicira.com (localhost [127.0.0.1]) by archives.nicira.com (Postfix) with ESMTP id 2A9AE1065F; Mon, 22 Aug 2016 11:35:33 -0700 (PDT) X-Original-To: dev@openvswitch.org Delivered-To: dev@openvswitch.org Received: from mx1e4.cudamail.com (mx1.cudamail.com [69.90.118.67]) by archives.nicira.com (Postfix) with ESMTPS id E409F10602 for ; Mon, 22 Aug 2016 11:35:31 -0700 (PDT) Received: from bar5.cudamail.com (unknown [192.168.21.12]) by mx1e4.cudamail.com (Postfix) with ESMTPS id 7CB571E03A0 for ; Mon, 22 Aug 2016 12:35:30 -0600 (MDT) X-ASG-Debug-ID: 1471890930-09eadd61b23b7c50001-byXFYA Received: from mx1-pf1.cudamail.com ([192.168.24.1]) by bar5.cudamail.com with ESMTP id O6yWWdD8e46NDzH4 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Mon, 22 Aug 2016 12:35:30 -0600 (MDT) X-Barracuda-Envelope-From: jpettit@ovn.org X-Barracuda-RBL-Trusted-Forwarder: 192.168.24.1 Received: from unknown (HELO relay3-d.mail.gandi.net) (217.70.183.195) by mx1-pf1.cudamail.com with ESMTPS (DHE-RSA-AES256-SHA encrypted); 22 Aug 2016 18:35:29 -0000 Received-SPF: pass (mx1-pf1.cudamail.com: SPF record at ovn.org designates 217.70.183.195 as permitted sender) X-Barracuda-Apparent-Source-IP: 217.70.183.195 X-Barracuda-RBL-IP: 217.70.183.195 Received: from mfilter31-d.gandi.net (mfilter31-d.gandi.net [217.70.178.162]) by relay3-d.mail.gandi.net (Postfix) with ESMTP id EDFC8A80D5 for ; Mon, 22 Aug 2016 20:35:27 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mfilter31-d.gandi.net Received: from relay3-d.mail.gandi.net ([IPv6:::ffff:217.70.183.195]) by mfilter31-d.gandi.net (mfilter31-d.gandi.net [::ffff:10.0.15.180]) (amavisd-new, port 10024) with ESMTP id iQf0PpGBQUON for ; Mon, 22 Aug 2016 20:35:26 +0200 (CEST) X-Originating-IP: 75.98.193.200 Received: from localhost.localdomain (unknown [75.98.193.200]) (Authenticated sender: jpettit@ovn.org) by relay3-d.mail.gandi.net (Postfix) with ESMTPSA id 41935A80C7 for ; Mon, 22 Aug 2016 20:35:26 +0200 (CEST) X-CudaMail-Envelope-Sender: jpettit@ovn.org From: Justin Pettit To: dev@openvswitch.org X-CudaMail-Whitelist-To: dev@openvswitch.org X-CudaMail-MID: CM-E1-821051095 X-CudaMail-DTE: 082216 X-CudaMail-Originating-IP: 217.70.183.195 Date: Wed, 10 Aug 2016 23:09:13 -0700 X-ASG-Orig-Subj: [##CM-E1-821051095##][PATCH 2/3] daemon: Minor tweaking of man page fragment. Message-Id: <1470895754-84811-2-git-send-email-jpettit@ovn.org> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1470895754-84811-1-git-send-email-jpettit@ovn.org> References: <1470895754-84811-1-git-send-email-jpettit@ovn.org> X-Barracuda-Connect: UNKNOWN[192.168.24.1] X-Barracuda-Start-Time: 1471890930 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://web.cudamail.com:443/cgi-mod/mark.cgi X-ASG-Whitelist: Header =?UTF-8?B?eFwtY3VkYW1haWxcLXdoaXRlbGlzdFwtdG8=?= X-Virus-Scanned: by bsmtpd at cudamail.com X-Barracuda-BRTS-Status: 1 Subject: [ovs-dev] [PATCH 2/3] daemon: Minor tweaking of man page fragment. X-BeenThere: dev@openvswitch.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: dev-bounces@openvswitch.org Sender: "dev" Signed-off-by: Justin Pettit Acked-by: Ryan Moats Acked-by: Ben Pfaff --- lib/daemon.man | 2 +- lib/daemon.xml | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/daemon.man b/lib/daemon.man index f4e79ac..2855c2d 100644 --- a/lib/daemon.man +++ b/lib/daemon.man @@ -74,7 +74,7 @@ allowed, with current user or group are assumed respectively. Only daemons started by the root user accepts this argument. .IP On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES -before dropping root privileges. Daemons interact with datapath, +before dropping root privileges. Daemons that interact with a datapath, such as ovs-vswitchd, will be granted two additional capabilities, namely CAP_NET_ADMIN and CAP_NET_RAW. The capability change will apply even if new user is "root". diff --git a/lib/daemon.xml b/lib/daemon.xml index d752e99..737ae55 100644 --- a/lib/daemon.xml +++ b/lib/daemon.xml @@ -106,10 +106,11 @@

On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES before dropping root privileges. - Daemons interact with datapath, such as ovs-vswitchd, will - be granted two additional capabilities, namely CAP_NET_ADMIN - and CAP_NET_RAW. The capability change will apply even if - the new user is root. + Daemons that interact with a datapath, such as + ovs-vswitchd, will be granted two additional + capabilities, namely CAP_NET_ADMIN and + CAP_NET_RAW. The capability change will apply even + if the new user is root.