[ovs-dev] [PATCH 1/1] daemon-unix: Support OVS-DPDK HW offloads for non-root user

Ameer Mahagneh ameerm at nvidia.com
Tue Sep 15 10:45:35 UTC 2020


For security reasons only root or privileged user can allocate Interconnect
Context Memory (ICM). Add this capability for vendors that require ICM
allocation when applying DPDK rte flows.

Signed-off-by: Ameer Mahagneh <ameerm at nvidia.com>
Acked-by: Eli Britstein <elibr at nvidia.com>
---
 lib/daemon-unix.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index ae59ecf2c..d32a60657 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -820,6 +820,7 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED)
             if (access_datapath && !ret) {
                 ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
                       || capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW)
+                      || capng_update(CAPNG_ADD, cap_sets, CAP_SYS_RAWIO)
                       || capng_update(CAPNG_ADD, cap_sets, CAP_NET_BROADCAST);
             }
         } else {
-- 
2.21.0



More information about the dev mailing list