From c5c9cb9ef22464b6ff7d4085645d31d368c5be7a Mon Sep 17 00:00:00 2001
From: Andy Zhou <azhou@nicira.com>
Date: Fri, 11 Sep 2015 16:06:50 -0700
Subject: [PATCH] ovs-dev.py: run operational commands as root

Switch operational commands, run, kill, reset and modinst directly
or indirectly read and writes files within the RUNDIR. Currently
these commands run in the current user context, with some "sudo"
commands thrown in to ensure daemons such as ovs-vswichd will be
launched as root.

This approach works fine as long as ovs-dev.py is always
run as root, (but then the 'sudo' commands added are redundant).
When invoking ovs-dev.py as non-root, files in RUNDIR will be mixed
with root created file and non-root created files, making it confusing
to decide whether to run ovs-appctl as root or not. Multiple
invocations of ovs-dev.py as root or non-root causes permission issues
since the same file created by a different user may no longer be
accessible when user changes.

This patch improves the situation by always run those four operational
commands as root. When they are invoked as non-root, "sudo" will be
used automatically by re-run the command with sudo.  VARDIR will now
always be access as root. The next patch will add --user and -u option
to allow for downgrading to running all daemons as non-root.

Signed-off-by: Andy Zhou <azhou@nicira.com>
Acked-by: Joe Stringer <joestringer@nicira.com>
---
 utilities/ovs-dev.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py
index 2611a704c..b70f4047d 100755
--- a/utilities/ovs-dev.py
+++ b/utilities/ovs-dev.py
@@ -55,6 +55,11 @@ def uname():
     return _sh("uname", "-r", capture=True)[0].strip()
 
 
+def sudo():
+    if os.geteuid() != 0:
+        _sh(" ".join(["sudo"] + sys.argv), check=True)
+        sys.exit(0)
+
 def conf():
     tag()
 
@@ -186,15 +191,17 @@ commands.append(tag)
 
 
 def kill():
+    sudo()
     for proc in ["ovs-vswitchd", "ovsdb-server"]:
         if os.path.exists("%s/run/openvswitch/%s.pid" % (RUNDIR, proc)):
             _sh("ovs-appctl", "-t", proc, "exit", check=False)
             time.sleep(.1)
-        _sh("sudo", "killall", "-q", "-2", proc, check=False)
+        _sh("killall", "-q", "-2", proc, check=False)
 commands.append(kill)
 
 
 def reset():
+    sudo()
     kill()
     if os.path.exists(RUNDIR):
         shutil.rmtree(RUNDIR)
@@ -204,6 +211,7 @@ commands.append(reset)
 
 
 def run():
+    sudo()
     kill()
     for d in ["log", "run"]:
         d = "%s/%s" % (RUNDIR, d)
@@ -257,7 +265,6 @@ def run():
                "--suppressions=%s/tests/glibc.supp" % OVS_SRC,
                "--suppressions=%s/tests/openssl.supp" % OVS_SRC] + cmd
     else:
-        cmd = ["sudo"] + cmd
         opts = opts + ["-vconsole:off", "--detach", "--enable-dummy"]
     _sh(*(cmd + opts))
 commands.append(run)
@@ -268,6 +275,7 @@ def modinst():
         print "Missing modules directory.  Is this a Linux system?"
         sys.exit(1)
 
+    sudo()
     try:
         _sh("rmmod", "openvswitch")
     except subprocess.CalledProcessError, e:
@@ -341,6 +349,10 @@ Commands:
     modinst - Build ovs and install the kernel module.
     env     - Print the required path environment variable.
     doc     - Print this message.
+
+Note:
+    If running as non-root user, "kill", "reset", "run" and "modinst"
+    will always run as the root user, by rerun the commands with "sudo".
 """ % {"ovs": OVS_SRC, "v": sys.argv[0], "run": RUNDIR}
     sys.exit(0)
 commands.append(doc)
-- 
2.20.1