Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1537366

Summary: [mlx5] Backport patch to allow running as non-root
Product: Red Hat Enterprise Linux 7 Reporter: Jean-Tsung Hsiao <jhsiao>
Component: openvswitchAssignee: Timothy Redaelli <tredaelli>
Status: CLOSED CURRENTRELEASE QA Contact: ovs-qe
Severity: high Docs Contact:
Priority: high    
Version: 7.5CC: atragler, ctrautma, jhsiao, kzhang, mleitner, moshele, rcain, tredaelli
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openvswitch-2.9.0-19.el7fdp Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-05-03 15:06:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1411448    

Description Jean-Tsung Hsiao 2018-01-23 02:55:18 UTC 
Description of problem: Got Interface dpdk MTU setup error when adding mlx5 to OVS with Selinux=Permissive

2018-01-23T02:17:16.166Z|00057|netdev_dpdk|ERR|Interface dpdk-10 MTU (1500) setup error: Permission denied
2018-01-23T02:17:16.166Z|00058|netdev_dpdk|ERR|Interface dpdk-10(rxq:2 txq:5) configure error: Permission denied
2018-01-23T02:17:16.166Z|00059|dpif_netdev|ERR|Failed to set interface dpdk-10 new configuration
2018-01-23T02:17:16.166Z|00060|bridge|WARN|could not add network device dpdk-10 to ofproto (No such device)


Version-Release number of selected component (if applicable):
[root@netqe24 jhsiao]# rpm -q openvswitch
openvswitch-2.9.0-0.2.20171212git6625e43.el7fdb.x86_64
[root@netqe24 jhsiao]# rpm -qa | grep -i selinux
libselinux-2.5-12.el7.x86_64
openstack-selinux-0.8.12-0.20171204232656.7e9ef4a.el7ost.noarch
selinux-policy-targeted-3.13.1-185.el7.noarch
libselinux-utils-2.5-12.el7.x86_64
libselinux-python-2.5-12.el7.x86_64
selinux-policy-3.13.1-185.el7.noarch
container-selinux-2.36-1.gitff95335.el7.noarch
libselinux-devel-2.5-12.el7.x86_64
[root@netqe24 jhsiao]# uname -a
Linux netqe24.knqe.lab.eng.bos.redhat.com 3.10.0-830.el7.x86_64 #1 SMP Mon Jan 15 17:16:22 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@netqe24 jhsiao]# 

How reproducible: Reproducible


Steps to Reproduce:
1.setenforce 0
2.systemctl start openvswitch
3.Config OVS and add mlx5 ports to it

Actual results:


Expected results:


Additional info:
Comment 2 Jean-Tsung Hsiao 2018-01-23 02:58:04 UTC 
NOTE: There were no AVC's shown up when adding mlx5 ports to OVS bridge.
Comment 3 Timothy Redaelli 2018-02-05 13:30:54 UTC 
Currently mlx4 and mlx5 doesn't work if OVS is started as root. Assigning to Aaron in order to track this
Comment 4 Marcelo Ricardo Leitner 2018-02-06 21:26:25 UTC 
Mellanox is aware of this issue and is checking the possibilities for improving this.
Comment 5 Jean-Tsung Hsiao 2018-02-07 14:09:56 UTC 
*** Bug 1542653 has been marked as a duplicate of this bug. ***
Comment 6 Marcelo Ricardo Leitner 2018-02-09 14:30:38 UTC 
Patch is done:
http://pkgs.devel.redhat.com/cgit/rpms/openvswitch/tree/mlnx-dpdk-0009-net-mlx-control-netdevices-through-ioctl-only.patch?h=private-mleitner-ovs-2.9-mlx
They are still going to upstream it.
Comment 7 Marcelo Ricardo Leitner 2018-02-09 20:16:08 UTC 
I guess we need this flag instead?
Comment 9 Marcelo Ricardo Leitner 2018-02-09 20:33:13 UTC 
Upstream patch: http://www.dpdk.org/dev/patchwork/patch/35073/