On Fri, Aug 4, 2017 at 1:00 PM, Aaron Conole <acon...@redhat.com> wrote: > After this commit, users may start a dpdk-enabled ovs setup as a > non-root user. This is accomplished by exporting the $HOME directory, > which dpdk uses to fill in it's semi-persistent RTE configuration. > > This change may be a bit controversial since it modifies /dev/hugepages > as part of starting the ovs-vswitchd to set a hugetlbfs group > ownership. This is used to enable writing to /dev/hugepages so that the > dpdk_init will successfully complete. There is an alternate way of > accomplishing this - namely to initialize DPDK before dropping > privileges. However, this would mean that if DPDK ever grows an uninit > / reinit function, non-root ovs likely could never use it.
Indeed ... the modifications to /dev/hugepages don't look ideal ... If this was truly limited to when DPDK was in use, I'd feel better about it. We want to build a single package for OVS, right? The package will have DPDK enabled, even for normal uses that won't use DPDK. That means these modifications take place even for non-DPDK use. I'd feel more comfortable if it could be restricted to only when DPDK was actually in use. Maybe some of this logic could be moved into ovs-ctl so that the check could be at runtime? > > This does not change OvS+DPDK's SELinux requirements. It still must be > disabled. > > Signed-off-by: Aaron Conole <acon...@redhat.com> > --- > Documentation/intro/install/dpdk.rst | 7 +++++++ > NEWS | 1 + > rhel/README.RHEL.rst | 11 +++++++++++ > rhel/openvswitch-fedora.spec.in | 13 +++++++++++++ > rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 5 +++++ > 5 files changed, 37 insertions(+) _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev