Bug 1537366

Summary: [mlx5] Backport patch to allow running as non-root
Product: Red Hat Enterprise Linux 7 Reporter: Jean-Tsung Hsiao <jhsiao>
Component: openvswitchAssignee: Timothy Redaelli <tredaelli>
Status: CLOSED CURRENTRELEASE QA Contact: ovs-qe
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: atragler, ctrautma, jhsiao, kzhang, mleitner, moshele, rcain, tredaelli
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openvswitch-2.9.0-19.el7fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-03 15:06:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1411448    

Description Jean-Tsung Hsiao 2018-01-23 02:55:18 UTC 
Description of problem: Got Interface dpdk MTU setup error when adding mlx5 to OVS with Selinux=Permissive

2018-01-23T02:17:16.166Z|00057|netdev_dpdk|ERR|Interface dpdk-10 MTU (1500) setup error: Permission denied
2018-01-23T02:17:16.166Z|00058|netdev_dpdk|ERR|Interface dpdk-10(rxq:2 txq:5) configure error: Permission denied
2018-01-23T02:17:16.166Z|00059|dpif_netdev|ERR|Failed to set interface dpdk-10 new configuration
2018-01-23T02:17:16.166Z|00060|bridge|WARN|could not add network device dpdk-10 to ofproto (No such device)


Version-Release number of selected component (if applicable):
[root@netqe24 jhsiao]# rpm -q openvswitch
openvswitch-2.9.0-0.2.20171212git6625e43.el7fdb.x86_64
[root@netqe24 jhsiao]# rpm -qa | grep -i selinux
libselinux-2.5-12.el7.x86_64
openstack-selinux-0.8.12-0.20171204232656.7e9ef4a.el7ost.noarch
selinux-policy-targeted-3.13.1-185.el7.noarch
libselinux-utils-2.5-12.el7.x86_64
libselinux-python-2.5-12.el7.x86_64
selinux-policy-3.13.1-185.el7.noarch
container-selinux-2.36-1.gitff95335.el7.noarch
libselinux-devel-2.5-12.el7.x86_64
[root@netqe24 jhsiao]# uname -a
Linux netqe24.knqe.lab.eng.bos.redhat.com 3.10.0-830.el7.x86_64 #1 SMP Mon Jan 15 17:16:22 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@netqe24 jhsiao]# 

How reproducible: Reproducible


Steps to Reproduce:
1.setenforce 0
2.systemctl start openvswitch
3.Config OVS and add mlx5 ports to it

Actual results:


Expected results:


Additional info:
Comment 2 Jean-Tsung Hsiao 2018-01-23 02:58:04 UTC 
NOTE: There were no AVC's shown up when adding mlx5 ports to OVS bridge.
Comment 3 Timothy Redaelli 2018-02-05 13:30:54 UTC 
Currently mlx4 and mlx5 doesn't work if OVS is started as root. Assigning to Aaron in order to track this
Comment 4 Marcelo Ricardo Leitner 2018-02-06 21:26:25 UTC 
Mellanox is aware of this issue and is checking the possibilities for improving this.
Comment 5 Jean-Tsung Hsiao 2018-02-07 14:09:56 UTC 
*** Bug 1542653 has been marked as a duplicate of this bug. ***
Comment 6 Marcelo Ricardo Leitner 2018-02-09 14:30:38 UTC 
Patch is done:
http://pkgs.devel.redhat.com/cgit/rpms/openvswitch/tree/mlnx-dpdk-0009-net-mlx-control-netdevices-through-ioctl-only.patch?h=private-mleitner-ovs-2.9-mlx
They are still going to upstream it.
Comment 7 Marcelo Ricardo Leitner 2018-02-09 20:16:08 UTC 
I guess we need this flag instead?
Comment 9 Marcelo Ricardo Leitner 2018-02-09 20:33:13 UTC 
Upstream patch: http://www.dpdk.org/dev/patchwork/patch/35073/