[ovs-discuss] Running userspace as nonroot

Ben Pfaff blp at nicira.com
Mon Apr 11 16:42:49 UTC 2011

On Sat, Apr 09, 2011 at 02:42:10PM -0400, Aaron Rosen wrote:
> This patch made it work for me. I have one more question. I'm trying to run
> ovs on a cluster of machines that I don't have root on but I can probably
> get some permissions changed on some things.
> I'm wondering if you knew what would be required in order to get
> ovs-oepnflowd netdev at br0 --ports=eth0 tcp: working?

I think that, at a minimum, ovs-openflowd would have to be able to
open AF_PACKET sockets and /dev/net/tun.  The former requires the
CAP_NET_RAW capability.  I don't know much about capabilities, so I
can't tell you how to give that to a process without making it root.
The latter is, I think, just a matter of file permissions.

More information about the discuss mailing list