[dpdk-dev] Running DPDK application with non-previlege mode

[Aaron Conole]

David Marchand <david.marchand at redhat.com> writes:

> On Tue, Aug 31, 2021 at 5:27 PM Kamaraj P <pkamaraj at gmail.com> wrote:
>>
>> Hi Thomas,
>> We are trying with the IGB_UIO driver in our DPDK application.
>
> Running with igb-uio as a non priviledged user is not possible (or, at
> best, makes little sense).
>
>
>> Is there any documentation where we need to start to run a DPDK
>> application with minimal system capability?
>> Also please let us know if there is any known dependency with DPDK
>> versions (dpdk application with 18, 19.11 versions etc) when we run
>> with sys capabilit.
>>
>> Hi David,
>> Can you please share with us the pointer for OVS integration(DPDK running as non-privileged mode ?)
>
> I don't have a full list, here is what I have in mind.
>
> For non mellanox devices, you'll have to rely on vfio-pci bound
> devices and setup access to those fds.
> https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_udev_rules.d_91-vfio.rules
>
> For mellanox devices and some parts of dpdk, you need (quite) some capabilities:
> https://github.com/openvswitch/ovs/blob/master/lib/daemon-unix.c#L812
>
> There are also hugepages accesses to consider:
> https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in#L20
>
> There are selinux considerations too.

See: https://github.com/openvswitch/ovs/tree/master/selinux

Additionally, you might need to do some additional work for whatever LSM
you use.  For example, AppArmor, etc.