2025-01-02 19:44 (UTC+0000), Alex K:
> Should multiple users be able to take turns running DPDK apps on the same
> system without using sudo?
>
> Hugepages setup is required for multi-process support. The
> usertools/dpdk-hugepages.py script accepts user id and group id arguments
> when mounting hugepages directory. And I was hoping that files created in
> this directory would be created such that they would be accessible by the
> users in this same group. However, I'm seeing that those created hugepages
> files get the 0600 permissions (read/write by the user only) and group
> ownership is not set to the group specified in the dpdk-hugepages.py script.
> So another user attempting to run DPDK apps gets a Permission denied error
> attempting to access hugepages files.
> Is this a bug or by design?
> Should each user have a separate hugepages directory setup somehow?
>
> I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9.
> Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at:
> https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
>
> Would like to understand if what I'm attempting is supported and if there's
> anything I'm missing.
> Thank you.

Hi Alex,

If you want to run independent applications as different users,
you can use a common directory but specify different --file-prefix
for each application (group of processes sharing hugepages).

If you want to run different processes of one multi-process DPDK app
as different users, they must use the common directory, so the current
behavior with 0600 permissions is a blocker. They are set intentionally:

http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668

Ownership is not controlled, so default open(2) semantics apply,
but there's still no way past the disabled group-writable bit.

If this is the case, I wonder why this is needed?
There isn't real privilege separation if processes share hugepages,
which particularly means that both processes have access to HW and DMA.
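
Added example, not part of the original messages and not DPDK code: a Python sketch that audits a shared hugepage directory for the situation discussed in this thread, grouping backing files by --file-prefix and checking whether a given uid/gid set could open them read/write. It assumes backing files are named `<file-prefix>map_<N>` and models only the owner/group/other mode bits; the `app1`/`app2` prefixes, the temporary directory and the second user are constructed sample input.

```python
import os
import re
import stat
import tempfile

# Assumption: DPDK names hugepage backing files "<file-prefix>map_<N>".
HUGEFILE_RE = re.compile(r"^(?P<prefix>.+)map_\d+$")

def can_open_rw(st, uid, gids):
    """Mode-bit check for O_RDWR (owner, else group, else other); no ACLs or capabilities."""
    if uid == st.st_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif st.st_gid in gids:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return st.st_mode & need == need

def audit(hugedir, uid, gids):
    """Group hugepage files by --file-prefix and report, per prefix, the
    file count, modes, owners, and whether uid/gids could open all of them."""
    report = {}
    for name in sorted(os.listdir(hugedir)):
        m = HUGEFILE_RE.match(name)
        if not m:
            continue  # not a hugepage backing file
        st = os.stat(os.path.join(hugedir, name))
        r = report.setdefault(m.group("prefix"),
                              {"files": 0, "modes": set(), "owners": set(), "rw": True})
        r["files"] += 1
        r["modes"].add(stat.S_IMODE(st.st_mode))
        r["owners"].add(st.st_uid)
        r["rw"] = r["rw"] and can_open_rw(st, uid, gids)
    return report

def demo():
    """Constructed sample: two prefixes in one directory, files forced to 0600."""
    me, gid = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as d:
        for name in ("app1map_0", "app1map_1", "app2map_0", "README"):
            fd = os.open(os.path.join(d, name), os.O_CREAT | os.O_RDWR, 0o600)
            os.fchmod(fd, 0o600)  # independent of the caller's umask
            os.close(fd)
        as_owner = audit(d, me, {gid})
        as_peer = audit(d, me + 1, {gid})  # hypothetical second user, same group
    return as_owner, as_peer

if __name__ == "__main__":
    for view in demo():
        print(view)
```

On a real system, call `audit()` with the hugetlbfs mount point and the uid and group ids of the account that is about to start a DPDK process.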