On Tue, Jan 26, 2016 at 8:06 PM, Aaron Conole <acon...@redhat.com> wrote:
> I should be on the discuss mailing list. Let me just state a big _YES_ I > am working on this problem from multiple facets. > > Ansis Atteka <aatt...@vmware.com> writes: > [...] > > The link you posted seems to mention Apparmor as the root cause for > > Permission Denied issue and not File Access bits - however this > > contradicts wit the fact that chown helped you to get rid of the > > error. > > I have a bug open to resolve this from my side, and posted patches to > get by the first hurdle > (http://openvswitch.org/pipermail/dev/2015-December/063565.html and > http://openvswitch.org/pipermail/dev/2015-December/063567.html) - but > having DPDK initialize once and then drop privileges is my ultimate goal. > [...] > > See the patches I linked earlier. This is my first step - get vhostuser > configurable so that a flexible permissions system can be used (ie: why > not have a :vhost group on the system to which ovs and qemu belong). > > I'll be reposting them once I hear back on the dpdk intialization series. > Hi Aaron, reading your patches quickly I had to smile, I was working on more or less the same patch series :-) I moved the parsing to lib/util.h but otherwise very similar. Yet yours is clearly more evolved already - so I'll dump mine and give yours a proper review and some testing later today. I'll also reply to Ansis posts regarding MAC later as well - the short summary is that I think we need patches like those you posted at least to get a short term solution. Kind Regards, Christian
_______________________________________________ discuss mailing list discuss@openvswitch.org http://openvswitch.org/mailman/listinfo/discuss
