support for non-root non-privileged mode

travelping / upg-vpp

User Plane Gateway (UPG) based on VPP

Apache License 2.0

148 stars 51 forks source link

support for non-root non-privileged mode #333

Open aseaudi opened 1 year ago

aseaudi commented 1 year ago

Hello

Due to security constraints, we need to run upg in rootless mode and without privileged mode.

Is there a way to run upg in such an environment ?

Thanks,

RoadRunnr commented 1 year ago

maybe, be have not tried or needed that.

UPG being a VPP plugin is not doing anything special that would require root access. So, the question realy is: can VPP be run rootless? Your best bet on getting a comprehensive answer to that is to ask the VPP community.

hcbwiz commented 11 months ago

You can try to uses "VFIO-PCI".

make sure the devices in /dev/vfio has the rw permission for the user.
make sure your "hugepage mounted directory" has the rw permission for the user
use "iova-mode=va" in the "dpdk section" of VPP configuration.