[ovs-discuss] EXTERNAL: Re: Unable to add flows - Operation not permitted

Ben Pfaff blp at ovn.org
Thu May 6 16:51:22 UTC 2021


I don't know.  The problem would be different, since it would be about
whether OVS-DPDK can get the required access to the network device
rather than the kernel module.

On Thu, May 06, 2021 at 01:04:14AM +0000, Seshadri, Usha wrote:
> Thanks for your response Ben. Since kernel datapath requires root, would using DPDK solve this problem? Can OVS-DPDK run as non-root?
> 
> Thanks,
> Usha
> 
> 
> -----Original Message-----
> From: Ben Pfaff <blp at ovn.org> 
> Sent: Wednesday, May 5, 2021 7:25 PM
> To: Seshadri, Usha (US) <usha.seshadri at lmco.com>
> Cc: ovs-discuss at openvswitch.org
> Subject: EXTERNAL: Re: [ovs-discuss] Unable to add flows - Operation not permitted
> 
> On Wed, May 05, 2021 at 07:38:45PM +0000, Seshadri, Usha wrote:
> >   1.  I am trying to add flows by executing the following command on the CLI as a non-root user, but I see 'Operation not permitted' errors in the log file as provided below:
> 
> [...]
> 
> > 2021-05-05T16:05:15.278Z|00012|ofproto_dpif|ERR|failed to open 
> > datapath of type system: Operation not permitted 
> > 2021-05-05T16:05:15.278Z|00013|ofproto|ERR|failed to open datapath 
> > br0: Operation not permitted 
> > 2021-05-05T16:05:15.278Z|00014|bridge|ERR|failed to create bridge br0: 
> > Operation not permitted
> 
> I guess that you are using the OVS datapath that uses the Linux kernel module.  Ordinarily, this does require root.  People who work with containers a lot (nto me) might know some workaround.
> 
> >   1.  Running the command again says the bridge already exists.
> > 
> > ovs-vsctl add-br br0
> > ovs-vsctl: cannot create a bridge named br0 because a bridge named br0 
> > already exists
> 
> Yes.  ovs-vsctl just modifies the database, which already has an entry for the bridge.  OVS tries to configure the system to look like the database, but it doesn't succeed because it doesn't have the right permissions.
> 
> > It appears I may be running into permissions issue. The owner + group permissions are identical, owned by root. The user in OpenShift belongs to the root group. Does OVS need to run as root? Any help with this is greatly appreciated.
> 
> I can't help with this part, but maybe someone else can.


More information about the discuss mailing list