From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4B373A0C55; Tue, 31 Aug 2021 19:49:54 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 163774013F; Tue, 31 Aug 2021 19:49:54 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mails.dpdk.org (Postfix) with ESMTP id 4AE9040041 for ; Tue, 31 Aug 2021 19:49:52 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1630432191; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=0vOmekLTcjWpQgOfZYM5SMYtdLX5UXuDCFn5g4tQjBE=; b=DZ0eQf7U/Z70bvpTEVzTu+iAPDVKyE9Yu0hptEFkb7eJaHcHYn+9Y9sPT8drhw5bct8j/3 QCagwvigutaZjreMc95SifEtd3Urv4zUNL1/ezbiC2JynBymbtsBMRj9xl2s2J76u5cQIJ 3ODWOCapoWPezYULVTlbp6rP04PSmWM= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-183-3mIRI_aUOmqKbH19vCO98A-1; Tue, 31 Aug 2021 13:49:47 -0400 X-MC-Unique: 3mIRI_aUOmqKbH19vCO98A-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 166458CC7BC; Tue, 31 Aug 2021 17:49:45 +0000 (UTC) Received: from RHTPC1VM0NT (unknown [10.22.17.187]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6946B7880C; Tue, 31 Aug 2021 17:49:39 +0000 (UTC) From: Aaron Conole To: David Marchand Cc: Kamaraj P , Thomas Monjalon , dev , Anatoly Burakov , Ferruh Yigit , ksimha@cisco.com, kalas@cisco.com, seveluch@cisco.com, "techboard@dpdk.org" , hpai@cisco.com, ppitchai@cisco.com References: <66ba0b52-83bf-f7a0-aa79-66a267af32c4@intel.com> <3485790.tFL5Z3R0ll@thomas> Date: Tue, 31 Aug 2021 13:49:38 -0400 In-Reply-To: (David Marchand's message of "Tue, 31 Aug 2021 17:34:52 +0200") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=aconole@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain Subject: Re: [dpdk-dev] Running DPDK application with non-previlege mode X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" David Marchand writes: > On Tue, Aug 31, 2021 at 5:27 PM Kamaraj P wrote: >> >> Hi Thomas, >> We are trying with the IGB_UIO driver in our DPDK application. > > Running with igb-uio as a non priviledged user is not possible (or, at > best, makes little sense). > > >> Is there any documentation where we need to start to run a DPDK >> application with minimal system capability? >> Also please let us know if there is any known dependency with DPDK >> versions (dpdk application with 18, 19.11 versions etc) when we run >> with sys capabilit. >> >> Hi David, >> Can you please share with us the pointer for OVS integration(DPDK running as non-privileged mode ?) > > I don't have a full list, here is what I have in mind. > > For non mellanox devices, you'll have to rely on vfio-pci bound > devices and setup access to those fds. > https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_udev_rules.d_91-vfio.rules > > For mellanox devices and some parts of dpdk, you need (quite) some capabilities: > https://github.com/openvswitch/ovs/blob/master/lib/daemon-unix.c#L812 > > There are also hugepages accesses to consider: > https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in#L20 > > There are selinux considerations too. See: https://github.com/openvswitch/ovs/tree/master/selinux Additionally, you might need to do some additional work for whatever LSM you use. For example, AppArmor, etc.