[ovs-dev] [PATCH 1/1] daemon-unix: Support OVS-DPDK HW offloads for non-root user

David Marchand david.marchand at redhat.com
Wed Sep 16 16:23:39 UTC 2020


On Tue, Sep 15, 2020 at 12:52 PM Ameer Mahagneh <ameerm at nvidia.com> wrote:
>
> For security reasons only root or privileged user can allocate Interconnect
> Context Memory (ICM). Add this capability for vendors that require ICM
> allocation when applying DPDK rte flows.
>
> Signed-off-by: Ameer Mahagneh <ameerm at nvidia.com>
> Acked-by: Eli Britstein <elibr at nvidia.com>
> ---
>  lib/daemon-unix.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
> index ae59ecf2c..d32a60657 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -820,6 +820,7 @@ daemon_become_new_user_linux(bool access_datapath OVS_UNUSED)
>              if (access_datapath && !ret) {
>                  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>                        || capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW)
> +                      || capng_update(CAPNG_ADD, cap_sets, CAP_SYS_RAWIO)
>                        || capng_update(CAPNG_ADD, cap_sets, CAP_NET_BROADCAST);
>              }
>          } else {

This patch seems incomplete: the manual is not updated and I would
expect some changes in the selinux policy files.


-- 
David Marchand



More information about the dev mailing list