starlingx
/
config
Code Issues Proposed changes

Run sysinv-api as sysinv user and normal groups 

The sysinv-api is currently running as the sysinv user, but with
the group set to root. This is not correct - the sysinv-api should
run with the normal groups for the sysinv user, which include
sys_protected.

This change is necessary to allow the sysinv-api to communicate
with the kubernetes API (the configuration file is using group
sys_protected).

Change-Id: I0ebd60b256cf337495079fdb723b3ef2836e56de
Story: 2006590
Task: 36724
Depends-On: https://review.opendev.org/690418
Signed-off-by: Bart Wensley <barton.wensley@windriver.com>
This commit is contained in:
Bart Wensley 2019-10-22 16:14:35 -05:00
parent 58f05e8beb
commit 089cd3f420
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sysinv/sysinv/sysinv/scripts/sysinv-api
View File

@ -254,7 +254,7 @@ sysinv_api_start () {
fi
# switch to non-root user before starting service
su ${OCF_RESKEY_user} -g root -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=${OCF_RESKEY_config} ${RUN_OPT_DEBUG}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
su ${OCF_RESKEY_user} -s /bin/sh -c "${OCF_RESKEY_binary} --config-file=${OCF_RESKEY_config} ${RUN_OPT_DEBUG}"' >> /dev/null 2>&1 & echo $!' > $OCF_RESKEY_pid
rc=$?
if [ ${rc} -ne ${OCF_SUCCESS} ] ; then
ocf_log err "${proc} failed ${mydaemon} daemon (rc=$rc)"