Trusted Virtual Functions
A new kernel feature allows Virtual Functions to become "trusted" by
the Physical Function and perform some privileged operations, such as
enabling VF promiscuous mode and changing VF MAC address within the
guest. The inability to modify mac addresses in the guest prevents the
users from being able to easily setup up two VFs in a fail-over bond
in a guest. This spec aims to suggest a way for users to boot
instances with trusted VFs.
Blueprint information
- Status:
- Complete
- Approver:
- Matt Riedemann
- Priority:
- Medium
- Drafter:
- Sahid Orentino
- Direction:
- Approved
- Assignee:
- Sahid Orentino
- Definition:
- Approved
- Series goal:
- Accepted for rocky
- Implementation:
- Implemented
- Milestone target:
- rocky-2
- Started by
- Matt Riedemann
- Completed by
- Matt Riedemann
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Allow instances to be booted with trusted virtual function
Addressed by: https:/
network: add command to configure trusted mode for VFs
Addressed by: https:/
libvirt: configure trust mode for vfs
Addressed by: https:/
network: update pci request spec to handle trusted tags
Addressed by: https:/
virt: allow instances to be booted with trusted VFs
Approved for Rocky. -- mriedem 20180323
Addressed by: https:/
pci: don't consider case when match tags specs
Addressed by: https:/
libvirt: add vf_trusted field for network metadata
Addressed by: https:/
metadata: add vf_trusted field to device metadata