snapd

openvswitch interface support for ovs-appctl

Bug #1873363 reported by Edward Hope-Morley
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
snapd
Fix Released
Undecided
Edward Hope-Morley
snapd 2.45

Bug Description

Executing 'ovs-appctl dpctl/dump-conntrack zone=1' currently does this in a confined snap using the openvswitch interface:

ERROR: unable to load conntrack zones: 2020-04-16T21:56:54Z|00001|daemon_unix|WARN|/var/run/openvswitch/ovs-vswitchd.pid: open: Permission denied
ovs-appctl: cannot read pidfile "/var/run/openvswitch/ovs-vswitchd.pid" (Permission denied)
2020-04-16T21:56:54Z|00001|daemon_unix|WARN|/var/run/openvswitch/ovs-vswitchd.pid: open: Permission denied
ovs-appctl: cannot read pidfile "/var/run/openvswitch/ovs-vswitchd.pid" (Permission denied)

Need to allow access to (at least) /var/run/openvswitch/ovs-vswitchd.pid

Revision history for this message
Edward Hope-Morley (hopem) wrote :

More details on what is needed:

# strace ovs-appctl dpctl/dump-conntrack zone=1 2>&1| egrep "open\(|connect\("| egrep -v "/etc|/lib"
open("/var/run/openvswitch/ovs-vswitchd.pid", O_RDWR) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/openvswitch/ovs-vswitchd.1507.ctl"}, 45) = 0

Changed in snappy:
assignee: nobody → Edward Hope-Morley (hopem)
status: New → In Progress
Revision history for this message
Edward Hope-Morley (hopem) wrote :

Patch submitted for review @ https://github.com/snapcore/snapd/pull/8514

Sergio Schvezov (sergiusens)
affects: snappy → snapd
Revision history for this message
Edward Hope-Morley (hopem) wrote :

Tested this using edge snapd and lgtm.

Changed in snapd:
status: In Progress → Fix Committed
Revision history for this message
Zygmunt Krynicki (zyga) wrote :

This issue was fixed in snapd 2.45 which was since released to the stable channel. Marking as released.

Changed in snapd:
milestone: none → 2.45
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.