Red Hat Bugzilla – Bug 1478791
Fixing the permission mismatch for DPDK vhost user ports with openvswitch and qemu
Last modified: 2017-08-24 00:51:36 EDT
Description of problem:
Currently a workaround has been used to modifying the permission to make ovs to run as qemu group in TripleO, which is a intermediate solution.
Actual solution has been worked out by ovs team in https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html
This is the BZ to track the upstream progress.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Note that this solution has been accepted upstream, and requires that QEMU advertise the sockets with group permissions of +rw, and group ownership of hugetlbfs.
(In reply to Aaron Conole from comment #1)
> Note that this solution has been accepted upstream, and requires that QEMU
> advertise the sockets with group permissions of +rw, and group ownership of
Could you elaborate on QEMU advertising sockets with required permissions? Are you expecting any particular format or any pre-existing format? We need to add respective teams to continue discuss on it.
By advertise, what I mean is to just make sure that the file is group owned by hugetlbfs and has group permissions +rw.
There shouldn't be anything else needed from discretionary access controls.
Mandatory access controls (selinux) is different, and I am working with QE to figure out those issues now.
Thanks Aaron for the clarification.
There is an option qemu.conf to apply a group id to the qemu processes and its created files. I couldn't find an option to specify the vhost socket file permissions. Adding libvirt team to confirm whether this "group" option could be set as "hugetlbfs" for DPDK OpenStack deployment with "+rw".