doc: add capability to access physical addresses
Checks
Commit Message
DAC_READ_SEARCH or DAC_OVERRIDE capability is required to access
/proc/self/pagemap, but the Linux guide mentioned neither one.
Recommend DAC_READ_SEARCH as less impactful.
Fixes: 979bb5d493fb ("doc: add more instructions for running as non-root")
Cc: stable@dpdk.org
Signed-off-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
Reported-by: Boris Ouretskey <borisusun@gmail.com>
Reported-by: Isaac Boukris <iboukris@gmail.com>
---
doc/guides/linux_gsg/enable_func.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
19/01/2023 22:24, Dmitry Kozlyuk:
> DAC_READ_SEARCH or DAC_OVERRIDE capability is required to access
> /proc/self/pagemap, but the Linux guide mentioned neither one.
> Recommend DAC_READ_SEARCH as less impactful.
>
> Fixes: 979bb5d493fb ("doc: add more instructions for running as non-root")
> Cc: stable@dpdk.org
>
> Signed-off-by: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
> Reported-by: Boris Ouretskey <borisusun@gmail.com>
> Reported-by: Isaac Boukris <iboukris@gmail.com>
Applied, thanks.
@@ -55,12 +55,12 @@ Refer to the `documentation <https://www.kernel.org/doc/Documentation/vm/hugetlb
If the driver requires using physical addresses (PA),
the executable file must be granted additional capabilities:
-* ``SYS_ADMIN`` to read ``/proc/self/pagemaps``
+* ``DAC_READ_SEARCH`` and ``SYS_ADMIN`` to read ``/proc/self/pagemaps``
* ``IPC_LOCK`` to lock hugepages in memory
.. code-block:: console
- setcap cap_ipc_lock,cap_sys_admin+ep <executable>
+ setcap cap_dac_read_search,cap_ipc_lock,cap_sys_admin+ep <executable>
If physical addresses are not accessible,
the following message will appear during EAL initialization::