[ovs-dev] [PATCH v2 0/2] vhost-user: Add the ability to control ownership/permissions

[Aaron Conole]

Aaron Conole <aconole at redhat.com> writes:

> Currently, when using Open vSwitch with DPDK and qemu guests, the recommended
> method for joining the guests is via the dpdkvhostuser interface. This
> interface uses Unix Domain sockets to communicate. When these sockets are
> created, they inherit the permissions and ownership from the vswitchd process.
> This can lead to an undesirable state where the QEMU process cannot use the
> socket file until manual intervention is performed (via `chown` and/or `chmod`
> calls).
>
> This patchset gives the ability to set the permissions and ownership of all
> dpdkvhostuser sockets from the database, avoiding the manual intervention
> required to connect QEMU and OVS via DPDK.
>
> The first patch adds chmod and chown calls to lib, with unit tests. The
> second patch hooks those calls into the netdev_dpdk_vhost_user_construct
> function, after the socket is created.
>

I've posted a followup series to this, which I believe integrates all of
the feedback over the last 8 weeks.  It introduces an additional call,
currently only implemented for linux but which could be extended to
other operating systems, to set an already opened file by filename.
This is then used by the vhostuser server code to set discretionary
access controls.

The series can be found here:
http://openvswitch.org/pipermail/dev/2016-July/075749.html

Thanks,
-Aaron