Commit | Line | Data |
---|---|---|
4acd1e87 BP |
1 | <?xml version="1.0" encoding="utf-8"?> |
2 | <dl> | |
3 | <dt><code>--pidfile</code>[<code>=</code><var>pidfile</var>]</dt> | |
4 | <dd> | |
5 | <p> | |
6 | Causes a file (by default, <code><var>program</var>.pid</code>) to be | |
7 | created indicating the PID of the running process. If the | |
8 | <var>pidfile</var> argument is not specified, or if it does not begin | |
9 | with <code>/</code>, then it is created in <code>@RUNDIR@</code>. | |
10 | </p> | |
11 | ||
12 | <p> | |
13 | If <code>--pidfile</code> is not specified, no pidfile is created. | |
14 | </p> | |
15 | </dd> | |
16 | ||
17 | <dt><code>--overwrite-pidfile</code></dt> | |
18 | <dd> | |
19 | <p> | |
20 | By default, when <code>--pidfile</code> is specified and the specified | |
21 | pidfile already exists and is locked by a running process, the daemon | |
22 | refuses to start. Specify <code>--overwrite-pidfile</code> to cause it | |
23 | to instead overwrite the pidfile. | |
24 | </p> | |
25 | ||
26 | <p> | |
27 | When <code>--pidfile</code> is not specified, this option has no effect. | |
28 | </p> | |
29 | </dd> | |
30 | ||
31 | <dt><code>--detach</code></dt> | |
32 | <dd> | |
33 | Runs this program as a background process. The process forks, and in the | |
34 | child it starts a new session, closes the standard file descriptors (which | |
35 | has the side effect of disabling logging to the console), and changes its | |
36 | current directory to the root (unless <code>--no-chdir</code> is | |
37 | specified). After the child completes its initialization, the parent | |
38 | exits. | |
39 | </dd> | |
40 | ||
41 | <dt><code>--monitor</code></dt> | |
42 | <dd> | |
43 | <p> | |
44 | Creates an additional process to monitor this program. If it dies due to | |
45 | a signal that indicates a programming error (<code>SIGABRT</code>, | |
46 | <code>SIGALRM</code>, <code>SIGBUS</code>, <code>SIGFPE</code>, | |
47 | <code>SIGILL</code>, <code>SIGPIPE</code>, <code>SIGSEGV</code>, | |
48 | <code>SIGXCPU</code>, or <code>SIGXFSZ</code>) then the monitor process | |
49 | starts a new copy of it. If the daemon dies or exits for another reason, | |
50 | the monitor process exits. | |
51 | </p> | |
52 | ||
53 | <p> | |
54 | This option is normally used with <code>--detach</code>, but it also | |
55 | functions without it. | |
56 | </p> | |
57 | </dd> | |
58 | ||
59 | <dt><code>--no-chdir</code></dt> | |
60 | <dd> | |
61 | <p> | |
b4675b81 | 62 | By default, when <code>--detach</code> is specified, the daemon changes |
4acd1e87 BP |
63 | its current working directory to the root directory after it detaches. |
64 | Otherwise, invoking the daemon from a carelessly chosen directory would | |
65 | prevent the administrator from unmounting the file system that holds that | |
66 | directory. | |
67 | </p> | |
68 | ||
69 | <p> | |
70 | Specifying <code>--no-chdir</code> suppresses this behavior, preventing | |
71 | the daemon from changing its current working directory. This may be | |
72 | useful for collecting core files, since it is common behavior to write | |
73 | core dumps into the current working directory and the root directory is | |
74 | not a good directory to use. | |
75 | </p> | |
76 | ||
77 | <p> | |
78 | This option has no effect when <code>--detach</code> is not specified. | |
79 | </p> | |
80 | </dd> | |
81 | ||
82 | <dt><code>--no-self-confinement</code></dt> | |
83 | <dd> | |
84 | By default this daemon will try to confine itself to work with files | |
8205fbc8 | 85 | under well-known directories determined at build time. It is better to |
4acd1e87 BP |
86 | stick with this default behavior and not to use this flag unless some other |
87 | access control is used to confine the daemon. Note that in contrast to other | |
88 | access control implementations that are typically enforced from | |
89 | kernel-space (e.g. DAC or MAC), self-confinement is imposed from the | |
90 | user-space daemon itself and hence should not be considered as a full | |
91 | confinement strategy, but instead should be viewed as an additional layer | |
92 | of security. | |
93 | </dd> | |
94 | ||
95 | <dt><code>--user=</code><var>user</var><code>:</code><var>group</var></dt> | |
96 | <dd> | |
97 | <p> | |
98 | Causes this program to run as a different user specified in | |
99 | <var>user</var><code>:</code><var>group</var>, thus dropping most of the | |
100 | root privileges. Short forms <var>user</var> and | |
101 | <code>:</code><var>group</var> are also allowed, with current user or | |
102 | group assumed, respectively. Only daemons started by the root user | |
103 | accept this argument. | |
104 | </p> | |
105 | ||
106 | <p> | |
107 | On Linux, daemons will be granted <code>CAP_IPC_LOCK</code> and | |
108 | <code>CAP_NET_BIND_SERVICE</code> before dropping root privileges. | |
1da17ab5 | 109 | Daemons that interact with a datapath, such as |
cf114a7f FL |
110 | <code>ovs-vswitchd</code>, will be granted three additional |
111 | capabilities, namely <code>CAP_NET_ADMIN</code>, | |
112 | <code>CAP_NET_BROADCAST</code> and <code>CAP_NET_RAW</code>. The | |
113 | capability change will apply even if the new user is root. | |
4acd1e87 BP |
114 | </p> |
115 | ||
116 | <p> | |
117 | On Windows, this option is not currently supported. For security | |
118 | reasons, specifying this option will cause the daemon process not to | |
119 | start. | |
120 | </p> | |
121 | </dd> | |
122 | </dl> |
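
An added example, not code from this file or its project: a check that a daemon started with `--user` holds only the capabilities the option text lists, by decoding the `CapPrm` and `CapEff` masks from `/proc/<pid>/status`. It assumes "granted" means present in both sets, uses the kernel's name `CAP_NET_BIND_SERVICE` from `<linux/capability.h>`, and runs on constructed sample status text.

```python
# Added example, not project code: audit /proc/<pid>/status capability sets
# against the sets the --user text describes. Bit numbers: <linux/capability.h>.
CAP_BITS = {
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_BROADCAST": 11,
    "CAP_NET_ADMIN": 12,
    "CAP_NET_RAW": 13,
    "CAP_IPC_LOCK": 14,
}
BASE = {"CAP_IPC_LOCK", "CAP_NET_BIND_SERVICE"}
DATAPATH = BASE | {"CAP_NET_ADMIN", "CAP_NET_BROADCAST", "CAP_NET_RAW"}

def parse_caps(status_text):
    """Return {field: mask} for the Cap* lines of a /proc/<pid>/status dump."""
    masks = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            masks[key] = int(value.strip(), 16)
    return masks

def decode(mask):
    """Split a mask into the names above and any other set bit numbers."""
    names = {n for n, bit in CAP_BITS.items() if (mask >> bit) & 1}
    other = [bit for bit in range(64)
             if (mask >> bit) & 1 and bit not in CAP_BITS.values()]
    return names, other

def audit(status_text, datapath=False):
    """Return findings where CapPrm/CapEff differ from the documented set."""
    allowed = DATAPATH if datapath else BASE
    masks = parse_caps(status_text)
    findings = []
    for field in ("CapPrm", "CapEff"):
        if field not in masks:
            findings.append(f"{field}: not present in status text")
            continue
        names, other = decode(masks[field])
        findings += [f"{field}: unexpected {n}" for n in sorted(names - allowed)]
        findings += [f"{field}: unexpected capability bit {b}" for b in other]
        findings += [f"{field}: missing {n}" for n in sorted(allowed - names)]
    return findings

# Constructed sample: a datapath daemon after --user (mask 0x7c00 = bits 10-14).
SAMPLE_DROPPED = ("Name:\tovs-vswitchd\nCapInh:\t0000000000000000\n"
                  "CapPrm:\t0000000000007c00\nCapEff:\t0000000000007c00\n")
# Constructed sample: the same daemon left with a full root capability set.
SAMPLE_ROOT = ("Name:\tovs-vswitchd\nCapInh:\t0000000000000000\n"
               "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n")
```

Call `audit(text, datapath=True)` for daemons that interact with a datapath and `audit(text)` for the others; an empty list means the process holds exactly the documented set.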