Re: [ovs-dev] [PATCH 1/1] daemon-unix: Support OVS-DPDK HW offloads for non-root user

David Marchand Wed, 16 Sep 2020 09:24:21 -0700

On Tue, Sep 15, 2020 at 12:52 PM Ameer Mahagneh <[email protected]> wrote:
>
> For security reasons only root or privileged user can allocate Interconnect
> Context Memory (ICM). Add this capability for vendors that require ICM
> allocation when applying DPDK rte flows.
>
> Signed-off-by: Ameer Mahagneh <[email protected]>
> Acked-by: Eli Britstein <[email protected]>
> ---
>  lib/daemon-unix.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
> index ae59ecf2c..d32a60657 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -820,6 +820,7 @@ daemon_become_new_user_linux(bool access_datapath 
> OVS_UNUSED)
>              if (access_datapath && !ret) {
>                  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>                        || capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW)
> +                      || capng_update(CAPNG_ADD, cap_sets, CAP_SYS_RAWIO)
>                        || capng_update(CAPNG_ADD, cap_sets, 
> CAP_NET_BROADCAST);
>              }
>          } else {


This patch seems incomplete: the manual is not updated and I would
expect some changes in the selinux policy files.


-- 
David Marchand

_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Re: [ovs-dev] [PATCH 1/1] daemon-unix: Support OVS-DPDK HW offloads for non-root user

Reply via email to