Tiago Lam <tiago....@intel.com> writes:

> When explaining on how to add vhost-user ports to a guest, using
> libvirt, the following piece of configuration is used:
>     <disk type='dir' device='disk'>
>       <driver name='qemu' type='fat'/>
>       <source dir='/usr/src/dpdk-stable-17.11.1'/>
>       <target dev='vdb' bus='virtio'/>
>       <readonly/>
>     </disk>
> This is used to facilitate sharing of a DPDK directory between the host
> and the guest. However, for this to work selinux also needs to be
> configured (or disabled).  Furthermore, if one is using Ubuntu, libvirtd
> would need to be added to complain only in AppArmor. Instead, in [1] it
> is advised to use wget to get the DPDK sources over the internet, which
> avoids this differentiation. Thus, we drop this piece of configuration
> here as well and keep the example configuration as simple as possible.
> This has been verified on both a Fedora 27 image and a Ubuntu 16.04 LTS
> image.
> [1] 
> http://docs.openvswitch.org/en/latest/topics/dpdk/vhost-user/#dpdk-in-the-guest
> Signed-off-by: Tiago Lam <tiago....@intel.com>
> ---
> CC'ed Stephen,
> I took the liberty of removing your TODO from here, as I read it to be related
> to the (now removed) SELinux instruction below. If you think it should still 
> be
> there let me know and I'll gladly send a v2.

I think it should remain until the selinux issues have been addressed.

Is there a list somewhere of the AVC denials?  Maybe it makes sense to
allow them.
dev mailing list

Reply via email to