Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Hi Marcos, Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes: > Thanks for the suggestion Aaron. > > Follows below the revised patch for the current master using Aaron and > Timothy contributions. May I submit the patch as is or are there any further > suggestions? > I've tested it in the following conditions: > 1) Fedora 27, ovs_user root:root, vfio-uio driver: Fixed by this patch > 2) Fedora 27, ovs_user root:root, uio-pci-generic driver: Fixed by this patch > 3) Fedora 27, ovs_user openvswitch:hugetlbfs, vfio-uio driver: Continues > working > 4) Fedora 27, ovs_user openvswitch:hugetlbfs, uio-pci-generic driver: > Continues broken, for kernel 4.0 and newer since the user is missing the > CAP_SYS_ADMIN capability. Ref: > https://www.kernel.org/doc/Documentation/vm/pagemap.txt Thanks for following up with this! Please submit it as a patch. I will set aside time to review it (if Timothy doesn't beat me to it). > diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c > index adb549c98..06528e9ab 100644 > --- a/lib/daemon-unix.c > +++ b/lib/daemon-unix.c > @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) > } > }kernel > > -switch_user = true; > +if (!uid_verify(uid) || !gid_verify(gid)) > +switch_user = true; > } > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > index c6d9aa1b8..9b01c9271 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch > EnvironmentFile=/etc/openvswitch/default.conf > EnvironmentFile=-/etc/sysconfig/openvswitch > @begin_dpdk@ > -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages > +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages' > ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages > @end_dpdk@ > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > > Regards, > > Marcos Schwarz > > - Original Message - > From: "Aaron Conole" <acon...@redhat.com> > To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> > Cc: "Timothy Redaelli" <tredae...@redhat.com>, ovs-discuss@openvswitch.org > Sent: Wednesday, January 10, 2018 6:54:24 PM > Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since > OVS 2.8.0 > > Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes: > >> Thanks for the suggestion Timothy, didn't knew that worked. Just >> fixing some little things, it should be: >> ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages >> >> Regarding the daemon-unix.c patch, any suggestions on how to improve >> it? I tested it is working, but currently, I'm not aware if the new >> capability should be set separeted as I did or using any of the >> current blocks of code. > > One thing that might work is to not attempt switching users and > capabilities if the current user is the target user. > > ex: > > @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) > } > } > > -switch_user = true; > +if (!uid_verify(uid) || !gid_verify(gid)) > +switch_user = true; > } > > NOTE: this isn't compile or runtime tested, just a thought. > >> Regards, >> >> Marcos Schwarz >> >> - Original Message - >> From: "Timothy Redaelli" <tredae...@redhat.com> >> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> >> Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org >> Sent: Monday, January 8, 2018 9:20:17 AM >> Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora >> since OVS 2.8.0 >> >> On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz >> <marcos.schw...@rnp.br> wrote: >>> Got it fixed. >>> >>> The problem was related to not setting the CAP_SYS_ADMIN capability at >>> daemon-unix.c. Follows the patch bellow to set the capability and >>> dynamically extract the group from OVS_USER_ID instead of forcing it to >>> :hugetlbfs. >>> >>> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c >>> index 839114f3e..3b94164ea 100644 >>> --- a/lib/daemon-unix.c >>> +++ b/lib/daemon-unix.c >>> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath >>> OVS_UNUSED) >>> ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) >>>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); >>>
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Thanks for the suggestion Aaron. Follows below the revised patch for the current master using Aaron and Timothy contributions. May I submit the patch as is or are there any further suggestions? I've tested it in the following conditions: 1) Fedora 27, ovs_user root:root, vfio-uio driver: Fixed by this patch 2) Fedora 27, ovs_user root:root, uio-pci-generic driver: Fixed by this patch 3) Fedora 27, ovs_user openvswitch:hugetlbfs, vfio-uio driver: Continues working 4) Fedora 27, ovs_user openvswitch:hugetlbfs, uio-pci-generic driver: Continues broken, for kernel 4.0 and newer since the user is missing the CAP_SYS_ADMIN capability. Ref: https://www.kernel.org/doc/Documentation/vm/pagemap.txt diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c index adb549c98..06528e9ab 100644 --- a/lib/daemon-unix.c +++ b/lib/daemon-unix.c @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) } }kernel -switch_user = true; +if (!uid_verify(uid) || !gid_verify(gid)) +switch_user = true; } diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index c6d9aa1b8..9b01c9271 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch @begin_dpdk@ -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages' ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages @end_dpdk@ ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ Regards, Marcos Schwarz - Original Message - From: "Aaron Conole" <acon...@redhat.com> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> Cc: "Timothy Redaelli" <tredae...@redhat.com>, ovs-discuss@openvswitch.org Sent: Wednesday, January 10, 2018 6:54:24 PM Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0 Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes: > Thanks for the suggestion Timothy, didn't knew that worked. Just > fixing some little things, it should be: > ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages > > Regarding the daemon-unix.c patch, any suggestions on how to improve > it? I tested it is working, but currently, I'm not aware if the new > capability should be set separeted as I did or using any of the > current blocks of code. One thing that might work is to not attempt switching users and capabilities if the current user is the target user. ex: @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) } } -switch_user = true; +if (!uid_verify(uid) || !gid_verify(gid)) +switch_user = true; } NOTE: this isn't compile or runtime tested, just a thought. > Regards, > > Marcos Schwarz > > - Original Message - > From: "Timothy Redaelli" <tredae...@redhat.com> > To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> > Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org > Sent: Monday, January 8, 2018 9:20:17 AM > Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since > OVS 2.8.0 > > On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz > <marcos.schw...@rnp.br> wrote: >> Got it fixed. >> >> The problem was related to not setting the CAP_SYS_ADMIN capability at >> daemon-unix.c. Follows the patch bellow to set the capability and >> dynamically extract the group from OVS_USER_ID instead of forcing it to >> :hugetlbfs. >> >> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c >> index 839114f3e..3b94164ea 100644 >> --- a/lib/daemon-unix.c >> +++ b/lib/daemon-unix.c >> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath >> OVS_UNUSED) >> ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) >>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); >> } >> +if (!ret) { >> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN); >> +} >> } else { >> ret = -1; >> } >> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> index c6d9aa1b8..94290a847 100644 >> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch >> EnvironmentFile=/etc/openvswitch/default.conf >> EnvironmentFile=-/etc/sysconfig/ope
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes: > Thanks for the suggestion Timothy, didn't knew that worked. Just > fixing some little things, it should be: > ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages > > Regarding the daemon-unix.c patch, any suggestions on how to improve > it? I tested it is working, but currently, I'm not aware if the new > capability should be set separeted as I did or using any of the > current blocks of code. One thing that might work is to not attempt switching users and capabilities if the current user is the target user. ex: @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec) } } -switch_user = true; +if (!uid_verify(uid) || !gid_verify(gid)) +switch_user = true; } NOTE: this isn't compile or runtime tested, just a thought. > Regards, > > Marcos Schwarz > > - Original Message - > From: "Timothy Redaelli" <tredae...@redhat.com> > To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> > Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org > Sent: Monday, January 8, 2018 9:20:17 AM > Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since > OVS 2.8.0 > > On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz > <marcos.schw...@rnp.br> wrote: >> Got it fixed. >> >> The problem was related to not setting the CAP_SYS_ADMIN capability at >> daemon-unix.c. Follows the patch bellow to set the capability and >> dynamically extract the group from OVS_USER_ID instead of forcing it to >> :hugetlbfs. >> >> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c >> index 839114f3e..3b94164ea 100644 >> --- a/lib/daemon-unix.c >> +++ b/lib/daemon-unix.c >> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath >> OVS_UNUSED) >> ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) >>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); >> } >> +if (!ret) { >> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN); >> +} >> } else { >> ret = -1; >> } >> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> index c6d9aa1b8..94290a847 100644 >> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in >> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch >> EnvironmentFile=/etc/openvswitch/default.conf >> EnvironmentFile=-/etc/sysconfig/openvswitch >> @begin_dpdk@ >> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages >> +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail >> -1) /dev/hugepages' > > I think it's better to avoid using multiple useless forks, shell > script parameter expansion are better in this case: > > ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages' > >> ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages >> @end_dpdk@ >> ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ >> >> Regards, >> >> Marcos Schwarz > ___ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Thanks for the suggestion Timothy, didn't knew that worked. Just fixing some little things, it should be: ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages Regarding the daemon-unix.c patch, any suggestions on how to improve it? I tested it is working, but currently, I'm not aware if the new capability should be set separeted as I did or using any of the current blocks of code. Regards, Marcos Schwarz - Original Message - From: "Timothy Redaelli" <tredae...@redhat.com> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org Sent: Monday, January 8, 2018 9:20:17 AM Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0 On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz <marcos.schw...@rnp.br> wrote: > Got it fixed. > > The problem was related to not setting the CAP_SYS_ADMIN capability at > daemon-unix.c. Follows the patch bellow to set the capability and dynamically > extract the group from OVS_USER_ID instead of forcing it to :hugetlbfs. > > diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c > index 839114f3e..3b94164ea 100644 > --- a/lib/daemon-unix.c > +++ b/lib/daemon-unix.c > @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath > OVS_UNUSED) > ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) >|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); > } > +if (!ret) { > +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN); > +} > } else { > ret = -1; > } > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > index c6d9aa1b8..94290a847 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch > EnvironmentFile=/etc/openvswitch/default.conf > EnvironmentFile=-/etc/sysconfig/openvswitch > @begin_dpdk@ > -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages > +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail > -1) /dev/hugepages' I think it's better to avoid using multiple useless forks, shell script parameter expansion are better in this case: ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages' > ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages > @end_dpdk@ > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > > Regards, > > Marcos Schwarz ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarzwrote: > Got it fixed. > > The problem was related to not setting the CAP_SYS_ADMIN capability at > daemon-unix.c. Follows the patch bellow to set the capability and dynamically > extract the group from OVS_USER_ID instead of forcing it to :hugetlbfs. > > diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c > index 839114f3e..3b94164ea 100644 > --- a/lib/daemon-unix.c > +++ b/lib/daemon-unix.c > @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath > OVS_UNUSED) > ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN) >|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW); > } > +if (!ret) { > +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN); > +} > } else { > ret = -1; > } > diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > index c6d9aa1b8..94290a847 100644 > --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch > EnvironmentFile=/etc/openvswitch/default.conf > EnvironmentFile=-/etc/sysconfig/openvswitch > @begin_dpdk@ > -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages > +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail > -1) /dev/hugepages' I think it's better to avoid using multiple useless forks, shell script parameter expansion are better in this case: ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages' > ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages > @end_dpdk@ > ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ > > Regards, > > Marcos Schwarz ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Hi Ben, I couldn't find a working solution for supporting running ovs as root and as another user. There seems to be some difference when running ovs-vswithd without the --user parameter and with --user=root:root which affects the permission to use UIO. Only without --user I'm able to use UIO. So my current fix includes to remove "--ovs-user=${OVS_USER_ID} \" from ovs-vswitchd.service. Comparing the logs from each execution the difference is that when using --user the following error appears: 2018-01-05T19:33:08.285Z|00012|dpdk|ERR|EAL: Cannot obtain physical addresses: No such file or directory. Only vfio will function. My guess is that when the daemon is switch from native root:root to the --user root:root it looses some permission related to /proc/self/pagemap. Do you have any suggestion on how to move forward? One way around would be to define an exception to not try to switch the user when the value is root:root. Regards, Marcos Schwarz - Original Message - From: "Ben Pfaff" <b...@ovn.org> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br> Cc: ovs-discuss@openvswitch.org Sent: Monday, November 27, 2017 6:31:39 PM Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0 On Tue, Nov 21, 2017 at 12:08:51PM -0200, Marcos Felipe Schwarz wrote: > Hi, > > The current solution for running OVS with non-root user in Fedora makes it > not possible to support UIO drivers [1]. > Setting the user to root:root via /etc/sysconfig/openvswitch should be a > solution, but it is also currently broken, since the systemd > ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], > which breaks root access to it. > Would it be possible to change the permissions only if the user in not root? > Currently I can only make UIO work on fedora removing this hardcoded > permissions on the systemd files. I believe that either root:root should not > conflict with the systemd script or be explicitly unsupported. > > [1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame > numbers for unprivileged users from /proc/self/pagemap was removed. > Source. > http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0 > [2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. > https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in Are you able to submit a patch to solve the problem? It sounds like you have a specific idea about what should be done. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
On Tue, Nov 21, 2017 at 12:08:51PM -0200, Marcos Felipe Schwarz wrote: > Hi, > > The current solution for running OVS with non-root user in Fedora makes it > not possible to support UIO drivers [1]. > Setting the user to root:root via /etc/sysconfig/openvswitch should be a > solution, but it is also currently broken, since the systemd > ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], > which breaks root access to it. > Would it be possible to change the permissions only if the user in not root? > Currently I can only make UIO work on fedora removing this hardcoded > permissions on the systemd files. I believe that either root:root should not > conflict with the systemd script or be explicitly unsupported. > > [1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame > numbers for unprivileged users from /proc/self/pagemap was removed. > Source. > http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0 > [2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. > https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in Are you able to submit a patch to solve the problem? It sounds like you have a specific idea about what should be done. ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
[ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0
Hi, The current solution for running OVS with non-root user in Fedora makes it not possible to support UIO drivers [1]. Setting the user to root:root via /etc/sysconfig/openvswitch should be a solution, but it is also currently broken, since the systemd ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], which breaks root access to it. Would it be possible to change the permissions only if the user in not root? Currently I can only make UIO work on fedora removing this hardcoded permissions on the systemd files. I believe that either root:root should not conflict with the systemd script or be explicitly unsupported. [1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame numbers for unprivileged users from /proc/self/pagemap was removed. Source. http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0 [2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in Regards, Marcos Schwarz Coordenador de P | R Coordinator Gerência de Redes para Experimentos (GRE) / Management of Network for Experiments Diretoria de Pesquisa & Desenvolvimento (DPD) / Research & Development Department RNP – Rede Nacional de Ensino e Pesquisa http://www.rnp.br | Telefone: +55 (19) 3787 3386 | Skype: marcos.f.sch Campinas - SP - Brasil | E-mail: marcos.schw...@rnp.br ___ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss