Skip to content

Commit

Permalink
Remove chmod for OVSDB file from start_ovs
Browse files Browse the repository at this point in the history 
Starting with OVS 2.15.0, the permissions are set correctly (i.e. more
securely) for the OVSDB .db file (with no read permissions for
"others"). Because we use OVS 2.15.1 in Antrea, we no longer need to
manually fix the permissions in start_ovs / start_ovs_netdev.

Fixes #1292

Signed-off-by: Antonin Bas <abas@vmware.com>
  • Loading branch information
@antoninbas
antoninbas committed Sep 20, 2021
1 parent b0e2299 commit 1150122
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 8 deletions.
4 changes: 0 additions & 4 deletions build/images/scripts/start_ovs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,10 +128,6 @@ cleanup_ovs_run_files

start_ovs $hw_offload

# Restrict read permissions for "others"
# See discussion in https://github.com/antrea-io/antrea/issues/1292
chmod 0640 $OVS_DB_FILE

# Check OVS status every 30 seconds
CHECK_OVS_INTERVAL=30
# Run logrotate every hour
Expand Down
4 changes: 0 additions & 4 deletions build/images/scripts/start_ovs_netdev
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,10 +132,6 @@ trap "quit" INT TERM
fix_ovs_ctl
start_ovs

# Restrict read permissions for "others"
# See discussion in https://github.com/antrea-io/antrea/issues/1292
chmod 0640 $OVS_DB_FILE

if [[ "$#" -ge 1 ]] && [[ "$1" == "--start-ovs-only" ]]; then
exit 0
fi
Expand Down

0 comments on commit 1150122

Please sign in to comment.