Public bug reported: Openvswitch has a nice security feature where one can drop privileges via --user option. Unfortunately due to the nature of DPDK it needs root permissions to initialize most of its resources. Thereby --dpdk and --user are mutually exclusive.
There are upstream discussions ongoing if it could first initialize DPDK and then drop permissions. But then it was identified that this would imply no adding/removing of dpdk devices at runtime. So the discussions go on for now. Once an upstream solution is ready we can decide if we backport or wait until we merge a newer version - therefore just wishlist for now. ** Affects: dpdk (Ubuntu) Importance: Undecided Status: Triaged ** Affects: openvswitch-dpdk (Ubuntu) Importance: Wishlist Status: Triaged ** Also affects: openvswitch-dpdk (Ubuntu) Importance: Undecided Status: New ** Changed in: dpdk (Ubuntu) Status: New => Triaged ** Changed in: openvswitch-dpdk (Ubuntu) Status: New => Triaged ** Changed in: openvswitch-dpdk (Ubuntu) Importance: Undecided => Wishlist -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dpdk in Ubuntu. https://bugs.launchpad.net/bugs/1546556 Title: Dropping privileges in openvswitch-switch via --user is incompatible with --dpdk To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546556/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs