[Bug 1546556] [NEW] Dropping privileges in openvswitch-switch via --user is incompatible with --dpdk
ChristianEhrhardt
1546556 at bugs.launchpad.net
Wed Feb 17 13:56:57 UTC 2016
Public bug reported:
Openvswitch has a nice security feature where one can drop privileges via --user option.
Unfortunately due to the nature of DPDK it needs root permissions to initialize most of its resources.
Thereby --dpdk and --user are mutually exclusive.
There are upstream discussions ongoing if it could first initialize DPDK and then drop permissions.
But then it was identified that this would imply no adding/removing of dpdk devices at runtime.
So the discussions go on for now.
Once an upstream solution is ready we can decide if we backport or wait
until we merge a newer version - therefore just wishlist for now.
** Affects: dpdk (Ubuntu)
Importance: Undecided
Status: Triaged
** Affects: openvswitch-dpdk (Ubuntu)
Importance: Wishlist
Status: Triaged
** Also affects: openvswitch-dpdk (Ubuntu)
Importance: Undecided
Status: New
** Changed in: dpdk (Ubuntu)
Status: New => Triaged
** Changed in: openvswitch-dpdk (Ubuntu)
Status: New => Triaged
** Changed in: openvswitch-dpdk (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dpdk in Ubuntu.
https://bugs.launchpad.net/bugs/1546556
Title:
Dropping privileges in openvswitch-switch via --user is incompatible
with --dpdk
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1546556/+subscriptions
More information about the Ubuntu-server-bugs
mailing list