[ovs-dev] [PATCH RFC v6 1/1] netdev-dpdk: add dpdk vhost ports

Traynor, Kevin kevin.traynor at intel.com
Fri Mar 6 18:09:07 UTC 2015


> -----Original Message-----
> From: Michael S. Tsirkin [mailto:mst at redhat.com]
> Sent: Wednesday, March 4, 2015 6:54 PM
> To: Traynor, Kevin
> Cc: dev at openvswitch.org
> Subject: Re: [ovs-dev] [PATCH RFC v6 1/1] netdev-dpdk: add dpdk vhost ports
> 
> On Wed, Mar 04, 2015 at 06:00:51PM +0000, Traynor, Kevin wrote:
> > > > > > +     2. Disable SELinux or set to permissive mode
> > > > >
> > > > >
> > > > > It's a work-around, but the right thing to do is really
> > > > > to write up correct selinux policies.
> > > > > Any plans to do this?
> > > >
> > > > No plans for this at present
> > >
> > > That's pretty bad, so one has to give up some security to
> > > gain some other feature. How does one make a call?
> > > Why don't you want to fix it?
> >
> > We haven't been able to get to do this now. I'm not clear yet
> > if this will be needed for vhost-user?
> 
> Well normally yes. Updating selinux policies is easy - you set it to
> record what's going on, then package it.

ok, I've requested that DPDK add this as it will be useful for any users 
of the DPDK vhost libs.

> > > > It's not something we've looked at, but will bring it up with the dpdk
> team
> > >
> > > Please do, wrapper scripts simply can't be supported by libvirt.
> >
> > The vhostfd could be put manually into libvirt or the wrapper script could
> be used.
> > We didn't see another way to get it into the XML?
> 
> If using libvirt, one just sets the backend path for tun and/or vhost:
>   <backend tap='/dev/dpdk-tun' vhost='/dev/dpdk-vhost-net'/>
> 
> see https://libvirt.org/formatdomain.html

thanks - I'll try that,

Kevin.

> 
> 
> > >
> > > > >
> > > > > > +
> > > > > > +DPDK vHost VM configuration with QEMU wrapper:
> > > > >
> > > > > ...
> > > > >



More information about the dev mailing list