+The following options are valid on POSIX based platforms.
.TP
\fB\-\-pidfile\fR[\fB=\fIpidfile\fR]
Causes a file (by default, \fB\*(PN.pid\fR) to be created indicating
.TP
\fB\-\-detach\fR
Causes \fB\*(PN\fR to detach itself from the foreground session and
-run as a background process.
+run as a background process. \*(DD
.
.TP
\fB\-\-monitor\fR
Creates an additional process to monitor the \fB\*(PN\fR daemon. If
the daemon dies due to a signal that indicates a programming error
-(e.g. \fBSIGSEGV\fR, \fBSIGABRT\fR), then the monitor process starts a
-new copy of it. If the daemon die or exits for another reason, the
-monitor process exits.
+(\fBSIGABRT\fR, \fBSIGALRM\fR, \fBSIGBUS\fR, \fBSIGFPE\fR,
+\fBSIGILL\fR, \fBSIGPIPE\fR, \fBSIGSEGV\fR, \fBSIGXCPU\fR, or
+\fBSIGXFSZ\fR) then the monitor process starts a new copy of it. If
+the daemon dies or exits for another reason, the monitor process exits.
.IP
This option is normally used with \fB\-\-detach\fR, but it also
functions without it.
is not a good directory to use.
.IP
This option has no effect when \fB\-\-detach\fR is not specified.
+.
+.TP
+\fB\-\-user\fR
+Causes \fB\*(PN\fR to run as a non root user specified in "user:group", thus
+dropping all root privileges. Short forms "user" and ":group" are also
+allowed, with current user or group are assumed respectively. Only daemons
+started by the root user accepts this argument.
+.IP
+On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICES
+before dropping root privileges. Daemons interact with datapath,
+such as ovs-vswitchd, will be granted two additional capabilities, namely
+CAP_NET_ADMIN and CAP_NET_RAW.
+.IP
+On Windows, this option is not currently supported. For security reasons,
+specifying this option will cause the daemon process not to start.
projects / cascardo / ovs.git / blobdiff