Commit | Line | Data |
---|---|---|
679d3475 | 1 | .PP |
fda546bd | 2 | The following options are valid on POSIX based platforms. |
064af421 | 3 | .TP |
86f2fa59 | 4 | \fB\-\-pidfile\fR[\fB=\fIpidfile\fR] |
064af421 | 5 | Causes a file (by default, \fB\*(PN.pid\fR) to be created indicating |
86f2fa59 BP | 6 | the PID of the running process. If the \fIpidfile\fR argument is not |
86f2fa59 BP | 7 | specified, or |
064af421 BP | 8 | if it does not begin with \fB/\fR, then it is created in |
064af421 BP | 9 | \fB@RUNDIR@\fR. |
86f2fa59 | 10 | .IP |
4e312e69 | 11 | If \fB\-\-pidfile\fR is not specified, no pidfile is created. |
a9b4a41a | 12 | . |
064af421 | 13 | .TP |
4e312e69 BP | 14 | \fB\-\-overwrite\-pidfile\fR |
4e312e69 BP | 15 | By default, when \fB\-\-pidfile\fR is specified and the specified pidfile |
e7bd7d78 | 16 | already exists and is locked by a running process, \fB\*(PN\fR refuses |
4e312e69 | 17 | to start. Specify \fB\-\-overwrite\-pidfile\fR to cause it to instead |
e7bd7d78 | 18 | overwrite the pidfile. |
a9b4a41a | 19 | .IP |
4e312e69 | 20 | When \fB\-\-pidfile\fR is not specified, this option has no effect. |
a9b4a41a | 21 | . |
8b2ffff0 BP | 22 | .IP \fB\-\-detach\fR |
8b2ffff0 BP | 23 | Runs \fB\*(PN\fR as a background process. The process forks, and in |
8b2ffff0 BP | 24 | the child it starts a new session, closes the standard file |
8b2ffff0 BP | 25 | descriptors (which has the side effect of disabling logging to the |
8b2ffff0 BP | 26 | console), and changes its current directory to the root (unless |
8b2ffff0 BP | 27 | \fB\-\-no\-chdir\fR is specified). After the child completes its |
8b2ffff0 BP | 28 | initialization, the parent exits. \*(DD |
a9b4a41a | 29 | . |
ff8decf1 | 30 | .TP |
4e312e69 | 31 | \fB\-\-monitor\fR |
ff8decf1 BP | 32 | Creates an additional process to monitor the \fB\*(PN\fR daemon. If |
ff8decf1 BP | 33 | the daemon dies due to a signal that indicates a programming error |
f67c3295 BP | 34 | (\fBSIGABRT\fR, \fBSIGALRM\fR, \fBSIGBUS\fR, \fBSIGFPE\fR, |
f67c3295 BP | 35 | \fBSIGILL\fR, \fBSIGPIPE\fR, \fBSIGSEGV\fR, \fBSIGXCPU\fR, or |
f67c3295 BP | 36 | \fBSIGXFSZ\fR) then the monitor process starts a new copy of it. If |
f67c3295 BP | 37 | the daemon dies or exits for another reason, the monitor process exits. |
ff8decf1 | 38 | .IP |
4e312e69 | 39 | This option is normally used with \fB\-\-detach\fR, but it also |
ff8decf1 | 40 | functions without it. |
a9b4a41a | 41 | . |
91a1e24d | 42 | .TP |
4e312e69 BP | 43 | \fB\-\-no\-chdir\fR |
4e312e69 BP | 44 | By default, when \fB\-\-detach\fR is specified, \fB\*(PN\fR |
91a1e24d JP | 45 | changes its current working directory to the root directory after it |
91a1e24d JP | 46 | detaches. Otherwise, invoking \fB\*(PN\fR from a carelessly chosen |
91a1e24d JP | 47 | directory would prevent the administrator from unmounting the file |
91a1e24d JP | 48 | system that holds that directory. |
91a1e24d JP | 49 | .IP |
4e312e69 | 50 | Specifying \fB\-\-no\-chdir\fR suppresses this behavior, preventing |
91a1e24d JP | 51 | \fB\*(PN\fR from changing its current working directory. This may be |
91a1e24d JP | 52 | useful for collecting core files, since it is common behavior to write |
91a1e24d JP | 53 | core dumps into the current working directory and the root directory |
91a1e24d JP | 54 | is not a good directory to use. |
91a1e24d JP | 55 | .IP |
4e312e69 | 56 | This option has no effect when \fB\-\-detach\fR is not specified. |
e91b927d AZ | 57 | . |
e91b927d AZ | 58 | .TP |
81d2f75c AA | 59 | \fB\-\-no\-self\-confinement\fR |
81d2f75c AA | 60 | By default, the daemon will try to self-confine itself to work with |
81d2f75c AA | 61 | files under well-known, at build-time whitelisted directories. It |
81d2f75c AA | 62 | is better to stick with this default behavior and not to use this |
81d2f75c AA | 63 | flag unless some other access control is used to confine the daemon. |
81d2f75c AA | 64 | Note that in contrast to other access control implementations that |
81d2f75c AA | 65 | are typically enforced from kernel-space (e.g. DAC or MAC), |
81d2f75c AA | 66 | self-confinement is imposed from the user-space daemon itself and |
81d2f75c AA | 67 | hence should not be considered as a full confinement strategy, but |
81d2f75c AA | 68 | instead should be viewed as an additional layer of security. |
81d2f75c AA | 69 | . |
81d2f75c AA | 70 | .TP |
e91b927d | 71 | \fB\-\-user\fR |
6069edb0 AZ | 72 | Causes \fB\*(PN\fR to run as a different user specified in "user:group", thus |
6069edb0 AZ | 73 | dropping most of the root privileges. Short forms "user" and ":group" are also |
e91b927d AZ | 74 | allowed, with the current user or group assumed respectively. Only daemons |
e91b927d AZ | 75 | started by the root user accept this argument. |
e91b927d AZ | 76 | .IP |
e91b927d AZ | 77 | On Linux, daemons will be granted CAP_IPC_LOCK and CAP_NET_BIND_SERVICE |
1da17ab5 | 78 | before dropping root privileges. Daemons that interact with a datapath, |
cf114a7f FL | 79 | such as \fBovs\-vswitchd\fR, will be granted three additional capabilities, |
cf114a7f FL | 80 | namely CAP_NET_ADMIN, CAP_NET_BROADCAST and CAP_NET_RAW. The capability |
cf114a7f FL | 81 | change will apply even if the new user is root. |
e91b927d AZ | 82 | .IP |
e91b927d AZ | 83 | On Windows, this option is not currently supported. For security reasons, |
e91b927d AZ | 84 | specifying this option will cause the daemon process not to start. |
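
The capability sets listed under \fB\-\-user\fR can be checked on a running daemon by decoding the `CapEff` mask in `/proc/PID/status`. The script below is an added example, not code from this file or its project; the function names are hypothetical, the kernel's spelling CAP_NET_BIND_SERVICE is used, and it assumes the documented capabilities are the complete expected effective set.

```shell
#!/bin/sh
# Added example, not the project's code. Bit numbers: <linux/capability.h>.

cap_name() {
    case "$1" in
        10) echo CAP_NET_BIND_SERVICE ;;
        11) echo CAP_NET_BROADCAST ;;
        12) echo CAP_NET_ADMIN ;;
        13) echo CAP_NET_RAW ;;
        14) echo CAP_IPC_LOCK ;;
        *)  echo "bit$1" ;;          # capabilities the --user text does not list
    esac
}

# audit_caps HEXMASK KIND
#   HEXMASK: CapEff value from /proc/PID/status (hex, no 0x prefix)
#   KIND:    "datapath" for daemons such as ovs-vswitchd, anything else otherwise
# Prints "ok" and returns 0 when the mask equals the documented set (assumed
# here to be the complete expected set); otherwise prints one missing:NAME or
# extra:NAME word per deviating bit and returns 1.
audit_caps() {
    mask=$((0x$1))
    want=$(( (1 << 14) | (1 << 10) ))            # IPC_LOCK + NET_BIND_SERVICE
    if [ "$2" = datapath ]; then
        want=$(( $want | (1 << 12) | (1 << 11) | (1 << 13) ))
    fi
    findings=""
    i=0
    while [ "$i" -lt 63 ]; do
        have=$(( ($mask >> $i) & 1 ))
        need=$(( ($want >> $i) & 1 ))
        if [ "$have" -ne "$need" ]; then
            if [ "$need" -eq 1 ]; then tag=missing; else tag=extra; fi
            findings="$findings $tag:$(cap_name "$i")"
        fi
        i=$((i + 1))
    done
    if [ -z "$findings" ]; then echo ok; return 0; fi
    echo "${findings# }"
    return 1
}

# audit_pid PID KIND: run the same check against a live Linux process.
audit_pid() {
    audit_caps "$(awk '/^CapEff:/ { print $2 }' "/proc/$1/status")" "$2"
}
```

A daemon started with \fB\-\-user\fR that still reports a full root mask shows up as a list of `extra:` entries, which is the case worth alerting on.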