[ovs-dev] [PATCH v4 5/5] redhat: allow dpdk to also run as non-root user

Aaron Conole aconole at redhat.com
Sun Aug 6 11:24:21 UTC 2017 

Russell Bryant <russell at ovn.org> writes:

> On Fri, Aug 4, 2017 at 1:00 PM, Aaron Conole <aconole at redhat.com> wrote:
>> After this commit, users may start a dpdk-enabled ovs setup as a
>> non-root user.  This is accomplished by exporting the $HOME directory,
>> which dpdk uses to fill in it's semi-persistent RTE configuration.
>>
>> This change may be a bit controversial since it modifies /dev/hugepages
>> as part of starting the ovs-vswitchd to set a hugetlbfs group
>> ownership.  This is used to enable writing to /dev/hugepages so that the
>> dpdk_init will successfully complete.  There is an alternate way of
>> accomplishing this - namely to initialize DPDK before dropping
>> privileges.  However, this would mean that if DPDK ever grows an uninit
>> / reinit function, non-root ovs likely could never use it.
>
> Indeed ... the modifications to /dev/hugepages don't look ideal ...
>
> If this was truly limited to when DPDK was in use, I'd feel better
> about it.  We want to build a single package for OVS, right?  The
> package will have DPDK enabled, even for normal uses that won't use
> DPDK.  That means these modifications take place even for non-DPDK
> use.  I'd feel more comfortable if it could be restricted to only when
> DPDK was actually in use.  Maybe some of this logic could be moved
> into ovs-ctl so that the check could be at runtime?

I couldn't find a way of doing that check.  It is possible to
dynamically enable dpdk (since commit ec2b070143c2 "dpdk: Late
initialization"), which means we would need something constantly polling
for the status change -OR- we would need to have a way of changing gid
in response to the database change.  The second might be possible but
would require some changes in ovs-vswitchd.

>>
>> This does not change OvS+DPDK's SELinux requirements.  It still must be
>> disabled.
>>
>> Signed-off-by: Aaron Conole <aconole at redhat.com>
>> ---
>>  Documentation/intro/install/dpdk.rst                |  7 +++++++
>>  NEWS                                                |  1 +
>>  rhel/README.RHEL.rst                                | 11 +++++++++++
>>  rhel/openvswitch-fedora.spec.in                     | 13 +++++++++++++
>>  rhel/usr_lib_systemd_system_ovs-vswitchd.service.in |  5 +++++
>>  5 files changed, 37 insertions(+)

More information about the dev mailing list