From: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
To: <dev@dpdk.org>
Cc: <stable@dpdk.org>
Subject: [PATCH v3 4/5] doc: update instructions for running as non-root for MLX5
Date: Fri, 24 Jun 2022 11:48:16 +0300 [thread overview]
Message-ID: <20220624084817.63145-5-dkozlyuk@nvidia.com> (raw)
In-Reply-To: <20220624084817.63145-1-dkozlyuk@nvidia.com>
Reference the common guide for generic setup.
Remove excessive capabilities from the recommended list.
Cc: stable@dpdk.org
Signed-off-by: Dmitry Kozlyuk <dkozlyuk@nvidia.com>
---
doc/guides/platform/mlx5.rst | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/doc/guides/platform/mlx5.rst b/doc/guides/platform/mlx5.rst
index 64a4c5e76e..18d38f3488 100644
--- a/doc/guides/platform/mlx5.rst
+++ b/doc/guides/platform/mlx5.rst
@@ -404,25 +404,30 @@ The device can be bound again at this point.
Run as Non-Root
^^^^^^^^^^^^^^^
-In order to run as a non-root user,
-some capabilities must be granted to the application::
+Hugepage and resource limit setup are documented
+in the :ref:`common Linux guide <Running_Without_Root_Privileges>`.
+This PMD can operate without access to physical addresses,
+therefore it does not require ``SYS_ADMIN`` to access ``/proc/self/pagemaps``.
+Note that this requirement may still come from other drivers.
- setcap cap_sys_admin,cap_net_admin,cap_net_raw,cap_ipc_lock+ep <dpdk-app>
+Below are additional capabilities that must be granted to the application
+with the reasons for the need of each capability:
-Below are the reasons for the need of each capability:
+``NET_RAW``
+ For raw Ethernet queue allocation through the kernel driver.
-``cap_sys_admin``
- When using physical addresses (PA mode), with Linux >= 4.0,
- for access to ``/proc/self/pagemap``.
+``NET_ADMIN``
+ For device configuration, like setting link status or MTU.
-``cap_net_admin``
- For device configuration.
+``SYS_RAWIO``
+ For using group 1 and above (software steering) in Flow API.
-``cap_net_raw``
- For raw ethernet queue allocation through kernel driver.
+They can be manually granted for a specific executable file::
-``cap_ipc_lock``
- For DMA memory pinning.
+ setcap cap_net_raw,cap_net_admin,cap_sys_rawio+ep <executable>
+
+Alternatively, a service manager or a container runtime
+may configure the capabilities for a process.
Windows Environment
--
2.25.1
next prev parent reply other threads:[~2022-06-24 8:48 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 23:49 [PATCH 0/4] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-07 23:49 ` [PATCH 1/4] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-07 23:49 ` [PATCH 2/4] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-08 0:00 ` Stephen Hemminger
2022-06-07 23:49 ` [PATCH 3/4] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-08 0:03 ` Stephen Hemminger
2022-06-07 23:49 ` [PATCH 4/4] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-08 0:13 ` Stephen Hemminger
2022-06-17 11:26 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 0/4] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 1/4] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-17 15:50 ` Bruce Richardson
2022-06-17 11:25 ` [PATCH v2 2/4] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-17 15:53 ` Bruce Richardson
2022-06-20 5:43 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 3/4] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-17 16:38 ` Bruce Richardson
2022-06-20 6:10 ` Dmitry Kozlyuk
2022-06-20 8:37 ` Bruce Richardson
2022-06-24 8:49 ` Dmitry Kozlyuk
2022-06-17 11:25 ` [PATCH v2 4/4] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-24 8:48 ` [PATCH v3 0/5] Improve documentation for running as non-root Dmitry Kozlyuk
2022-06-24 8:48 ` [PATCH v3 1/5] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-24 9:02 ` Bruce Richardson
2022-06-24 8:48 ` [PATCH v3 2/5] usertools: add option to change mount point owner Dmitry Kozlyuk
2022-06-24 9:04 ` Bruce Richardson
2022-06-24 8:48 ` [PATCH v3 3/5] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-24 9:09 ` Bruce Richardson
2022-06-24 8:48 ` Dmitry Kozlyuk [this message]
2022-06-24 8:48 ` [PATCH v3 5/5] doc: add note about running virtio-legacy " Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 0/5] Improve documentation for running " Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 1/5] usertools: add option to select hugetlbfs directory Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 2/5] usertools: add options to change mount point owner Dmitry Kozlyuk
2022-06-24 13:37 ` Bruce Richardson
2022-06-24 13:19 ` [PATCH v4 3/5] doc: give specific instructions for running as non-root Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 4/5] doc: update instructions for running as non-root for MLX5 Dmitry Kozlyuk
2022-06-24 13:19 ` [PATCH v4 5/5] doc: add note about running virtio-legacy as non-root Dmitry Kozlyuk
2022-06-27 0:45 ` [PATCH v4 0/5] Improve documentation for running " Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220624084817.63145-5-dkozlyuk@nvidia.com \
--to=dkozlyuk@nvidia.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.