From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 45087A0548 for ; Wed, 8 Jun 2022 02:13:53 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 3B43F41132; Wed, 8 Jun 2022 02:13:53 +0200 (CEST) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mails.dpdk.org (Postfix) with ESMTP id 23C1E4021F for ; Wed, 8 Jun 2022 02:13:51 +0200 (CEST) Received: by mail-pf1-f176.google.com with SMTP id 15so16920131pfy.3 for ; Tue, 07 Jun 2022 17:13:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20210112.gappssmtp.com; s=20210112; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Vxc63H9FfP7HDAsqUGi6113uZK/HREHA+KZSMet+Rgc=; b=UsYiofmnOMMbH+axwF4Da71PU7w065s4kCaFPDiEbmveSP3AXvkoGO0QkKz8RctG21 9h6Z0O+3h0Q+XRlDjr8tqspEH4W5xtX3G401vwju3HhHU2cSamlrwtf03AvoQkArqnSd 9PyS2gE+XDsX3txfIugCw69Ll0NT5jrbQ1/uUB7FK4gbo2cEPChgpdcuy4e459q2QGsb aSv12FVeWit467RMLPnve/+EVUZ85qVfzrkeMGEHne66uPppvRk6s1PXKpzs9S8V+b6J Qy2Ic4ZdYbUW5IakcbVtTbQLAzOZCTg0+YasDQ4sk+R3w7/NytkNn5bC621KbvjPXatg hNyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Vxc63H9FfP7HDAsqUGi6113uZK/HREHA+KZSMet+Rgc=; b=l4z73El7/2XIkoOW+hWF/xA5qaNlYDh2bJ08gV/9oO1fZnhuRlpNCQHW4c9UqLaRUw USORR7GoGnGW5n2gt76NcQnpbA694jfETRM6t+kTcJ7KKtLXvFhV/bDsRTxTuab4dfLo G0WgjYJF+v5AubqRwqy4kofL/1tb0aEwK27ICXquctvxplVbArNbn/gjytijkFEJCvTK 3u3itCzDukzwI16NSXxqFK7pEW+ht4RfuFtnXqdBZoEk24Uw50Pf4SxbB13iiXuIEmrg h8Uh2OC6HMPUe8X7myTvd6f2HFlkJ4ZBDpammT/lR1VHBH96cOJ0SzoZAAXDIvfKYzN1 dugQ== X-Gm-Message-State: AOAM531qCBppO1qxQIhzX2OWj6qHcQG+kpIQamcQqe4MNn1DN1GfgJ4t JedX8lr1uOwrfo+RmAxvHUJZSNfYBm9N8A== X-Google-Smtp-Source: ABdhPJyaDTYup2BCRHoOTOekeX6NpRuOm6cl58lkU0eYRfgHxcvUxuBRhShSSMiS2Ciu4DVqqsj1PA== X-Received: by 2002:a65:6205:0:b0:3f5:d436:5446 with SMTP id d5-20020a656205000000b003f5d4365446mr27508643pgv.532.1654647230159; Tue, 07 Jun 2022 17:13:50 -0700 (PDT) Received: from hermes.local (204-195-112-199.wavecable.com. [204.195.112.199]) by smtp.gmail.com with ESMTPSA id d14-20020a170902654e00b0015e8d4eb28fsm13250174pln.217.2022.06.07.17.13.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Jun 2022 17:13:49 -0700 (PDT) Date: Tue, 7 Jun 2022 17:13:47 -0700 From: Stephen Hemminger To: Dmitry Kozlyuk Cc: , Thomas Monjalon , Subject: Re: [PATCH 4/4] doc: update instructions for running as non-root for MLX5 Message-ID: <20220607171347.43200cbe@hermes.local> In-Reply-To: <20220607234949.2311884-5-dkozlyuk@nvidia.com> References: <20220607234949.2311884-1-dkozlyuk@nvidia.com> <20220607234949.2311884-5-dkozlyuk@nvidia.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org On Wed, 8 Jun 2022 02:49:49 +0300 Dmitry Kozlyuk wrote: > Reference the common guide for generic setup. > Remove excessive capabilities from the recommended list. > > Cc: stable@dpdk.org > > Signed-off-by: Dmitry Kozlyuk > --- > doc/guides/platform/mlx5.rst | 22 ++++++++++------------ > 1 file changed, 10 insertions(+), 12 deletions(-) This change needs additional changes to make it correct English grammar. > diff --git a/doc/guides/platform/mlx5.rst b/doc/guides/platform/mlx5.rst > index 64a4c5e76e..956a72fadf 100644 > --- a/doc/guides/platform/mlx5.rst > +++ b/doc/guides/platform/mlx5.rst > @@ -404,25 +404,23 @@ The device can be bound again at this point. > Run as Non-Root > ^^^^^^^^^^^^^^^ > > -In order to run as a non-root user, > -some capabilities must be granted to the application:: > +Hugepage and resource limit setup is documented Subject is plural so verb must be plural => are documented > +in the :ref:`common Linux guide `. > +This PMD does not require physical addresses, > +so capability configuration is not needed to access hugepages. In technical writing "therefore" is preferred over "so" and you need a preposition. Please reword something like: "This PMD does can operate without direct physical memory and hugepages are not required." Often applications will keep using hugepages (makes them NIC independent) and in that case they would still need permissions. > +Note that physical addresses may be required by other drivers. > > - setcap cap_sys_admin,cap_net_admin,cap_net_raw,cap_ipc_lock+ep > +Additional capabilities must be granted to the application:: > > -Below are the reasons for the need of each capability: > - > -``cap_sys_admin`` > - When using physical addresses (PA mode), with Linux >= 4.0, > - for access to ``/proc/self/pagemap``. > + setcap cap_net_raw,cap_net_admin,cap_sys_rawio+ep > > -``cap_net_admin`` > - For device configuration. > +Below are the reasons for the need of each capability: > > ``cap_net_raw`` > For raw ethernet queue allocation through kernel driver. > > -``cap_ipc_lock`` > - For DMA memory pinning. > +``cap_net_admin`` > + For device configuration, like setting link status or MTU. > The most common usage for running as non-root is some container system. In that case capabilities are managed by the container service (ie systemd, docker, etc) and not done by setting filesystem capabilities.