From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0927FA0093
	for <public@inbox.dpdk.org>; Fri, 17 Jun 2022 13:25:30 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id B607F42B71;
	Fri, 17 Jun 2022 13:25:28 +0200 (CEST)
Received: from NAM04-BN8-obe.outbound.protection.outlook.com
 (mail-bn8nam04on2057.outbound.protection.outlook.com [40.107.100.57])
 by mails.dpdk.org (Postfix) with ESMTP id 4042D42802;
 Fri, 17 Jun 2022 13:25:23 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=DAiZKCLn82ilc+m3KXwVxEJEzwrUPSoYcy1rkGNo9ipPH4E+VVSCmxSp7ChMYAbXn9kkF4onDOI6R6F7gEZoHecRR9kfLlK8nFU01jpjDtut0r3H0KxpDVmCLvjx2F2QKRg7MzglYyA5KUhI9Z4bD34I26WkJhDe/ku6KnFO3YJzkDupgCnjhoNrzEhiyt7/GF2F+f4AWj3L/ECah4aGLdayy1V1uahI/CzPr62VFuoEJR/RobuRfLPZl1ne7t4133pdSIuSIWfIxpAhuHvAiKoNUzX5Wnu8zSkJR+8JHhv7EX7bZSDcTwIrFs2iq1Oo/5fULghx7nP3TwFwf0Mdcg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=3PZsvV8UxwsCCg8Cj9IG54/SfJSnJ2wFglvspkVHfQs=;
 b=Jsp3Do3sgB9PZWrZB/urzSu3BPfnvj5Gw2IUM8QATSqWIAH2RVO5YIbNu+d9Zy6hcNz2ljJMmjHhzm+5VvDT6wcfe1YHUlcjAv1SJ66yenJ1Zgb4nJGpiOIT/GcthOJ9Ry+iu7u8c6ptMbQku9EtRt/PtonW15Jys7LygDF6SnJfjGD/FPnoM7jBSh5cyMgifVG0FVPUTTczpAV4qMmmJN3mUF0Pb4hV1hNpLOvOe74f69URQFUQiVRNN6FMuLDWraQAewjYJQhCNYujt4klkRaIrbagm90Yrt+UWaPvWKy5VgA6aIRp0gMzqXQdCA++YHsw2EbVm5DZj0t+iAaQUw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 12.22.5.235) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass
 (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none
 (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=3PZsvV8UxwsCCg8Cj9IG54/SfJSnJ2wFglvspkVHfQs=;
 b=JexhAxt2BlE1NwpDaCUC/PMWNZmdrI1l6xlI8O820ZObPFKjFWxnqaq2mUP3v13ypW4MxoGiO7ZLJ3GIkmmyPCvxQ/vgBwkp1d7Z5o3XFBiGFcErDiyynhIvt7/y0WKwKhL9w+RijEZ0xyrjKaDpKWcdDMJpkTk0kWXsnSBX1TC/NzOZ4kdJhqJmpG2qL4A+rwdvvqN80ImZ8/SmbZjtSeZzRUWzukB+zVriQbKAKyGsEzYNMCR4eXoawPb+0ifqp2ewfAsZiw3FoLaG/m59RoTvJzrMzFTjMLZE3RcXFqLMp3YKgIeN6kyvopcAta9A7XJe1rc6/FAcXYQgR7uc4Q==
Received: from BN6PR16CA0021.namprd16.prod.outlook.com (2603:10b6:404:f5::31)
 by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.16; Fri, 17 Jun
 2022 11:25:21 +0000
Received: from BN8NAM11FT030.eop-nam11.prod.protection.outlook.com
 (2603:10b6:404:f5:cafe::50) by BN6PR16CA0021.outlook.office365.com
 (2603:10b6:404:f5::31) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.14 via Frontend
 Transport; Fri, 17 Jun 2022 11:25:21 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.235)
 smtp.mailfrom=nvidia.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 12.22.5.235 as permitted sender) receiver=protection.outlook.com;
 client-ip=12.22.5.235; helo=mail.nvidia.com; pr=C
Received: from mail.nvidia.com (12.22.5.235) by
 BN8NAM11FT030.mail.protection.outlook.com (10.13.177.146) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.5353.14 via Frontend Transport; Fri, 17 Jun 2022 11:25:21 +0000
Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL107.nvidia.com
 (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1497.32;
 Fri, 17 Jun 2022 11:25:20 +0000
Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail201.nvidia.com
 (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Fri, 17 Jun
 2022 04:25:19 -0700
Received: from nvidia.com (10.127.8.11) by mail.nvidia.com (10.129.68.10) with
 Microsoft SMTP Server id 15.2.986.22 via Frontend Transport;
 Fri, 17 Jun 2022 04:25:18 -0700
From: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
To: <dev@dpdk.org>
CC: <stable@dpdk.org>
Subject: [PATCH v2 4/4] doc: update instructions for running as non-root for
 MLX5
Date: Fri, 17 Jun 2022 14:25:08 +0300
Message-ID: <20220617112508.3823291-5-dkozlyuk@nvidia.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220617112508.3823291-1-dkozlyuk@nvidia.com>
References: <20220607234949.2311884-1-dkozlyuk@nvidia.com>
 <20220617112508.3823291-1-dkozlyuk@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 72421ff8-599b-4957-f6a3-08da50541091
X-MS-TrafficTypeDiagnostic: SN6PR12MB4751:EE_
X-Microsoft-Antispam-PRVS: <SN6PR12MB4751E52BB0217B9943304C36B9AF9@SN6PR12MB4751.namprd12.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: y/PyTlDJb10/iEc93ntiZnNttyYKZJOBBwN9S10JuchPBXXVFxtpsaBgH/eNItA83LWAjj78l8TFmDWNzRGoVlFrU6z84LMXFAn2jZP4Tfp9mzwmrfKgNhAfFlLHniaTOnvkGcgLJfBCR+6doPKTWFG/RWpCaDo0FoQXkKHrZ4qL7wudKrC4yB+I655D/WyvfPQend8DHEXtEn8bDhL78jftgxALkZRLHEiZA5urpgrX2MFIjMuC/VEEIrarkUEt/HC9lIw/x4kPh98kO/SwKh9bzf0yL9mmchCnZxpgcbHfL2MFzqa3GLtxUJUHTnwGCXeJfKdQeV6PUAvmRONiu7YyestMGcGqRkXWxRfSKkAJucwBUt8jbmk4KhUvCaW3/Df5qjUFlVVfGmtgauTNt370HzyL9VB6Lz1jM/4SG5oxhMg8U5DQIBb/ZJt8BqOUkxIffuS6gSDav4W7RYCW7fvrZhOmw4izRbgkGEM8I96Fw4GiZUBi9vCaCLrP9cmv85N6c1rK9uCyMhMTOD96xbPyVDS2hNKI4hJQM9qMim3w9n/TYWrIvJO74enV00pYp+M7uVPfQn+LdKuvSfmc4ubnJXVrGvL26m35Ab119hnIbvBXernPZ5YJvHyW2PUXQANN7h6hexSjWVPpdokchZurb+Cx/nMz83l4KoxIhrs+Bfmzpms3dLOy97myBGEZTEJmSXD0XmVyaD1YqwdABQ==
X-Forefront-Antispam-Report: CIP:12.22.5.235; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE;
 SFS:(13230016)(4636009)(40470700004)(46966006)(36840700001)(2616005)(82310400005)(1076003)(186003)(83380400001)(47076005)(336012)(426003)(86362001)(7696005)(26005)(6666004)(55016003)(6286002)(36860700001)(2906002)(8936002)(6916009)(5660300002)(36756003)(81166007)(498600001)(356005)(70586007)(4326008)(8676002)(450100002)(70206006)(316002)(40460700003)(36900700001);
 DIR:OUT; SFP:1101; 
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2022 11:25:21.0260 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 72421ff8-599b-4957-f6a3-08da50541091
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.235];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT030.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Reference the common guide for generic setup.
Remove excessive capabilities from the recommended list.

Cc: stable@dpdk.org

Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
---
 doc/guides/platform/mlx5.rst | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/doc/guides/platform/mlx5.rst b/doc/guides/platform/mlx5.rst
index 64a4c5e76e..18d38f3488 100644
--- a/doc/guides/platform/mlx5.rst
+++ b/doc/guides/platform/mlx5.rst
@@ -404,25 +404,30 @@ The device can be bound again at this point.
 Run as Non-Root
 ^^^^^^^^^^^^^^^
 
-In order to run as a non-root user,
-some capabilities must be granted to the application::
+Hugepage and resource limit setup are documented
+in the :ref:`common Linux guide <Running_Without_Root_Privileges>`.
+This PMD can operate without access to physical addresses,
+therefore it does not require ``SYS_ADMIN`` to access ``/proc/self/pagemaps``.
+Note that this requirement may still come from other drivers.
 
-   setcap cap_sys_admin,cap_net_admin,cap_net_raw,cap_ipc_lock+ep <dpdk-app>
+Below are additional capabilities that must be granted to the application
+with the reasons for the need of each capability:
 
-Below are the reasons for the need of each capability:
+``NET_RAW``
+   For raw Ethernet queue allocation through the kernel driver.
 
-``cap_sys_admin``
-   When using physical addresses (PA mode), with Linux >= 4.0,
-   for access to ``/proc/self/pagemap``.
+``NET_ADMIN``
+   For device configuration, like setting link status or MTU.
 
-``cap_net_admin``
-   For device configuration.
+``SYS_RAWIO``
+   For using group 1 and above (software steering) in Flow API.
 
-``cap_net_raw``
-   For raw ethernet queue allocation through kernel driver.
+They can be manually granted for a specific executable file::
 
-``cap_ipc_lock``
-   For DMA memory pinning.
+   setcap cap_net_raw,cap_net_admin,cap_sys_rawio+ep <executable>
+
+Alternatively, a service manager or a container runtime
+may configure the capabilities for a process.
 
 
 Windows Environment
-- 
2.25.1