Bug ID 1140835
Summary openvswitch systemd service ovs-vswitchd changes permissions of /dev/hugepages which interferes with other system components
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee jcaamano@suse.com
Reporter okurz@suse.com
QA Contact qa-bugs@suse.de
CC mchandras@suse.com
Found By ---
Blocker --- 

## Observation

On an openSUSE Leap 15.1 aarch64 system we use /dev/hugepages for qemu. This
worked fine until we installed the openvswitch package as the systemd service
"ovs-vswitchd.service" changes the permission of /dev/hugepages so that another
user can not write into the directory anymore.

I found the according lines with:

```
$ find /usr/lib/systemd/ -name '*.service' | xargs grep hugepages
/usr/lib/systemd/system/ovs-vswitchd.service:ExecStartPre=-/bin/sh -c
'/usr/bin/chown :$${OVS_USER_ID##*:} /dev/hugepages'
/usr/lib/systemd/system/ovs-vswitchd.service:ExecStartPre=-/usr/bin/chmod 0775
/dev/hugepages
```

I found the upstream commit that introduced that:
https://github.com/openvswitch/ovs/commit/e3e738a3d0580a9a7178adfc9300a193b8df4ae5#diff-d9846707ff4b611f2ef841607aee9861R18

with the funny text "This change may be a bit controversial since it modifies
/dev/hugepages as part of starting the ovs-vswitchd to set a hugetlbfs group
ownership." -> Yes, it is controversial ;)

## Suggestion

I doubt it is a good idea if an individual package takes ownership of a generic
device folder and changes permissions on its own.

## Workaround

For now to make the machine usable as an openQA instance again we applied a
workaround with a custom override systemd service which resets permissions
after the execution of the `osv-vswitchd.service` service.

You are receiving this mail because: