[ovs-dev] [PATCH RFC v6 1/1] netdev-dpdk: add dpdk vhost ports

Michael S. Tsirkin mst at redhat.com
Wed Mar 4 18:53:47 UTC 2015


On Wed, Mar 04, 2015 at 06:00:51PM +0000, Traynor, Kevin wrote:
> > > > > +     2. Disable SELinux or set to permissive mode
> > > >
> > > >
> > > > It's a work-around, but the right thing to do is really
> > > > to write up correct selinux policies.
> > > > Any plans to do this?
> > >
> > > No plans for this at present
> > 
> > That's pretty bad, so one has to give up some security to
> > gain some other feature. How does one make a call?
> > Why don't you want to fix it?
> 
> We haven't been able to get to do this now. I'm not clear yet 
> if this will be needed for vhost-user?

Well normally yes. Updating selinux policies is easy - you set it to
record what's going on, then package it.
> > > It's not something we've looked at, but will bring it up with the dpdk team
> > 
> > Please do, wrapper scripts simply can't be supported by libvirt.
> 
> The vhostfd could be put manually into libvirt or the wrapper script could be used.
> We didn't see another way to get it into the XML?

If using libvirt, one just sets the backend path for tun and/or vhost:
  <backend tap='/dev/dpdk-tun' vhost='/dev/dpdk-vhost-net'/>

see https://libvirt.org/formatdomain.html


> > 
> > > >
> > > > > +
> > > > > +DPDK vHost VM configuration with QEMU wrapper:
> > > >
> > > > ...
> > > >



More information about the dev mailing list