From: Stephen Hemminger <stephen@networkplumber.org>
To: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
Cc: <dev@dpdk.org>, Thomas Monjalon <thomas@monjalon.net>,
<stable@dpdk.org>, Anatoly Burakov <anatoly.burakov@intel.com>
Subject: Re: [PATCH 3/4] doc: give specific instructions for running as non-root
Date: Tue, 7 Jun 2022 17:03:14 -0700 [thread overview]
Message-ID: <20220607170314.1856a3d9@hermes.local> (raw)
In-Reply-To: <20220607234949.2311884-4-dkozlyuk@nvidia.com>
On Wed, 8 Jun 2022 02:49:48 +0300
Dmitry Kozlyuk <dkozlyuk@nvidia.com> wrote:
> The guide to run DPDK applications as non-root in Linux
> did not provide specific instructions to configure the required access
> and did not explain why each bit is needed.
> The latter is important because running as non-root
> is one of the ways to tighten security and grant minimal permissions.
>
> Cc: stable@dpdk.org
>
> Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
If running with multiple containers it is often better to have OS
take care of mounting huge pages.
https://github.com/systemd/systemd/blob/main/units/dev-hugepages.mount
And a good way for managing multiple applications using hugepages
is to mount device with group permissions and add supplementary
group to each container.
next prev parent reply other threads:[~2022-06-08 0:03 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 23:49 [PATCH 0/4] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-07 23:49 ` [PATCH 1/4] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-07 23:49 ` [PATCH 2/4] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-08 0:00 ` Stephen Hemminger
2022-06-07 23:49 ` [PATCH 3/4] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-08 0:03 ` Stephen Hemminger [this message]
2022-06-07 23:49 ` [PATCH 4/4] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-08 0:13 ` Stephen Hemminger
2022-06-17 11:26 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 0/4] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 1/4] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-17 15:50 ` Bruce Richardson
2022-06-17 11:25 ` [PATCH v2 2/4] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-17 15:53 ` Bruce Richardson
2022-06-20 5:43 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 3/4] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-17 16:38 ` Bruce Richardson
2022-06-20 6:10 ` Dmitry Kozlyuk
2022-06-20 8:37 ` Bruce Richardson
2022-06-24 8:49 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 4/4] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-24 8:48 ` [PATCH v3 0/5] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-24 8:48 ` [PATCH v3 1/5] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-24 9:02 ` Bruce Richardson
2022-06-24 8:48 ` [PATCH v3 2/5] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-24 9:04 ` Bruce Richardson
2022-06-24 8:48 ` [PATCH v3 3/5] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-24 9:09 ` Bruce Richardson
2022-06-24 8:48 ` [PATCH v3 4/5] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-24 8:48 ` [PATCH v3 5/5] doc: add note about running virtio-legacy as non-root Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 0/5] Improve documentation for running " Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 1/5] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 2/5] usertools: add options to change mount point owner Dmitry Kozlyuk
2022-06-24 13:37 ` Bruce Richardson
2022-06-24 13:19 ` [PATCH v4 3/5] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 4/5] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 5/5] doc: add note about running virtio-legacy as non-root Dmitry Kozlyuk
2022-06-27 0:45 ` [PATCH v4 0/5] Improve documentation for running " Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220607170314.1856a3d9@hermes.local \
--to=stephen@networkplumber.org \
--cc=anatoly.burakov@intel.com \
--cc=dev@dpdk.org \
--cc=dkozlyuk@nvidia.com \
--cc=stable@dpdk.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.