You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently qatlib workload runs with custom SCC using IPC_LOCK and root permissions
Detail
qatlib workload needs IPC_LOCK permission, added via custom SCC based on restricted-v2 default SCC. The container also needs to run as root according to qatlib doc. This is added with RunAsAny permission in custom SCC. This also enables container to access devices as root
The container also needs to run as root according to qatlib doc.
qatlib docs are not valid in containers space (host groups and gids are not directly applicable). Read my blog. It describes the problems and solution.
Figure how to enable CRIO flag for every host.
I'd submit a feature request to OCP to have that flag available in MCO. At least to trigger the conversation. This flag is universal to all devices, not just QAT specific.
I'd submit a feature request to OCP to have that flag available in MCO. At least to trigger the conversation. This flag is universal to all devices, not just QAT specific.
Summary
Currently qatlib workload runs with custom SCC using IPC_LOCK and root permissions
Detail
qatlib workload needs IPC_LOCK permission, added via custom SCC based on restricted-v2 default SCC. The container also needs to run as root according to qatlib doc. This is added with RunAsAny permission in custom SCC. This also enables container to access devices as root
Possible solutions
The text was updated successfully, but these errors were encountered: