Public bug reported:

Openvswitch has a nice security feature where one can drop privileges via the
--user option.
Unfortunately, due to the nature of DPDK, it needs root permissions to initialize
most of its resources.
Thereby --dpdk and --user are mutually exclusive.

There are ongoing upstream discussions about whether it could first initialize DPDK and
then drop permissions.
But then it was identified that this would imply no adding/removing of dpdk 
devices at runtime.
So the discussions go on for now.

Once an upstream solution is ready we can decide if we backport or wait
until we merge a newer version - therefore just wishlist for now.

** Affects: dpdk (Ubuntu)
     Importance: Undecided
         Status: Triaged

** Affects: openvswitch-dpdk (Ubuntu)
     Importance: Wishlist
         Status: Triaged

** Also affects: openvswitch-dpdk (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: dpdk (Ubuntu)
       Status: New => Triaged

** Changed in: openvswitch-dpdk (Ubuntu)
       Status: New => Triaged

** Changed in: openvswitch-dpdk (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dpdk in Ubuntu.
https://bugs.launchpad.net/bugs/1546556

Title:
  Dropping privileges in openvswitch-switch via --user is incompatible
  with --dpdk

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546556/+subscriptions
