Hi,
In fact I think we should remove any Discretionary Access Control (--user) and implement proper Mandatory Access Control (SELinux and AppArmor) support. Unless anyone can bring up a good case to keep and/or extend the DAC feature in OVS.

The link you posted seems to mention AppArmor as the root cause for the Permission Denied issue and not File Access bits - however this contradicts with the fact that chown helped you to get rid of the error.

To verify this can you do:
1. ps -Af for both processes that create and connect to the socket.
2. ls -la for the socket that is getting permission denied?

Thanks,
Ansis

________________________________
From: discuss <discuss-boun...@openvswitch.org> on behalf of Christian Ehrhardt <christian.ehrha...@canonical.com>
Sent: Monday, January 25, 2016 10:32 PM
To: dev@openvswitch.org; disc...@openvswitch.org
Subject: [ovs-discuss] Somebody making --user and dpdk compatible again?

Hi,
to avoid missing other work that has already been done (and google didn't find me anything).
Is there already work going on to get --user and dpdk working together?
(see http://openvswitch.org/pipermail/dev/2015-September/060382.html)

Background:
While setting up a vhost_user based ovs-dpdk setup I'm struggling to get access to the vhost user sockets from qemu/kvm due to permission issues.
Various mailing list posts like (http://openvswitch.org/pipermail/discuss/2015-August/018553.html) indicate to change the user running OVS, since the sockets are defaulting to process user/group.
To run OVS as different user --user seems to be the preferred way.
But as linked above, --user has other issues with DPDK and therefore is mutually exclusive for now.

I was able to fix the permission issue with some chown/chmod, but I wonder if there would be a cleaner way to do so at some point.
Maybe eventually the approach is totally different anyway (like only specifying :group for the sockets to be created).
But I wondered if that old mail thread is still worked on by somebody atm.

Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
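
The comparison requested in the reply above (process credentials from `ps -Af` against socket owner and mode from `ls -la`), as an added example that is not part of either message or of OVS. The function names are hypothetical; it assumes Linux `/proc` and GNU `stat`, and it does not evaluate ACLs or the search permission on parent directories.

```bash
#!/usr/bin/env bash
# Added example: does DAC (owner/group/mode bits) alone explain a
# "Permission denied" when a process connects to a Unix socket?

# dac_allows_write OWNER_UID OWNER_GID MODE_OCTAL PROC_UID "PROC_GIDS"
# Returns 0 when the mode bits grant write, which connect() needs on Linux.
dac_allows_write() {
    local o_uid="$1" o_gid="$2" mode="$((0$3))" p_uid="$4" p_gids="$5" g
    [ "$p_uid" -eq 0 ] && return 0        # assumption: root keeps CAP_DAC_OVERRIDE
    if [ "$p_uid" -eq "$o_uid" ]; then    # owner class applies exclusively
        [ $((mode & 0200)) -ne 0 ]; return
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$o_gid" ]; then    # group class, primary or supplementary
            [ $((mode & 0020)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0002)) -ne 0 ]            # everyone else
}

# diagnose SOCKET PID: PID is the connecting process (qemu/kvm in the thread).
diagnose() {
    local sock="$1" pid="$2" st p_uid p_gids
    st=$(stat -c '%u %g %a' -- "$sock") || return 2
    # Column 3 of the Uid:/Gid: lines is the effective id.
    p_uid=$(awk '/^Uid:/ {print $3}' "/proc/$pid/status") || return 2
    p_gids=$(awk '/^Gid:/ {print $3} /^Groups:/ {$1=""; print}' "/proc/$pid/status")
    # $st is left unquoted on purpose: it splits into owner uid, gid and mode.
    if dac_allows_write $st "$p_uid" "$p_gids"; then
        echo "DAC permits write: check AppArmor/SELinux denials instead"
    else
        echo "DAC denies write: process uid=$p_uid, socket uid/gid/mode=$st"
    fi
}
```

If `diagnose` reports that DAC permits the write while the connect still fails, the file access bits are not the cause and the MAC policy logs are the next place to look.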