Re: [Xenomai-help] Xenomai: binding failed: Operation not permitted.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "s.a." <sancelot@domain.hid>
To: Jan Kiszka <jan.kiszka@domain.hid>
Cc: Petr Cervenka <grugh@domain.hid>, xenomai@xenomai.org
Subject: Re: [Xenomai-help] Xenomai: binding failed: Operation not permitted.
Date: Wed, 07 Jun 2006 09:05:44 +0000	[thread overview]
Message-ID: <448696E8.10405@domain.hid> (raw)
In-Reply-To: <44858228.40508@domain.hid>


Hi,

In my mind , one or more rt process manages everything critical, need
root access for resources reasons , other processes are things like gui
to interact with realtime world, including  X11 applications (I know , I
will hurt some people, but this is the truth : X11 !) .....


Best Regards
Steph
  


Jan Kiszka wrote:

>s.a. wrote:
>  
>
>>Hi,
>>
>>Okay, but in this case, why do we need  root permissions for programs
>>accessing that "only" access shared memory area (heaps)????
>>    
>>
>
>For simplicity reasons: we did not sort out at this stage which service
>might be harmless and which not (or less), we only added access control
>to all Xenomai syscalls. Again, you can switch the whole checking off
>during compile time, but this, of course, opens the door completely.
>Given your system is adequately secured against illicit logins, this can
>be a pragmatic solution.
>
>Ok, we might derive access control to the heap from the permissions a
>process has on /dev/rtheap. But is this an urging need to have security
>for all Xenomai services but heaps? Opening heaps would make access
>control more complicated without a clear security model behind it. But
>I'm always open to concrete user requirements!
>
>Jan
>
>  
>
>>Best Regards
>>Steph
>>
>>
>>Jan Kiszka wrote
>>
>>    
>>
>>>Petr Cervenka wrote:
>>> 
>>>
>>>      
>>>
>>>>Hi,
>>>>When I try to run realtime application under lesser than root rights, I get this strange error:
>>>>Xenomai: binding failed: Operation not permitted.
>>>>
>>>>Error showed after kernel update 2.6.15.6 -> 2.6.16.16 and xenomai update 2.1.1 -> daily snapshot (2006/05/18)
>>>>Changing of the rights of the /dev/rt* dousn't help.
>>>>
>>>>Any suggestions?
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>That's intended. Real-time means real power, so all skin syscalls now
>>>require root privileges (more precisely CAP_SYS_NICE). This can be
>>>switched off, but standard syscalls like mlockall may still demand root
>>>power (mlock'ing is at least size-limited for normal users on recent
>>>kernels). And with current real-time APIs, it makes no sense anyway to
>>>restrict the real-time user's permission by turning his account into a
>>>non-root one.
>>>
>>>Jan
>>>
>>> 
>>>
>>>------------------------------------------------------------------------
>>>
>>>_______________________________________________
>>>Xenomai-help mailing list
>>>Xenomai-help@domain.hid
>>>https://mail.gna.org/listinfo/xenomai-help
>>> 
>>>
>>>      
>>>
>
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Xenomai-help mailing list
>Xenomai-help@domain.hid
>https://mail.gna.org/listinfo/xenomai-help
>  
>

next prev parent reply	other threads:[~2006-06-07  9:05 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <200605181426.8240@domain.hid>
     [not found] ` <446C6C1C.2010902@domain.hid>
2006-05-19  7:43   ` [Xenomai-help] Xenomai: binding failed: Operation not permitted Petr Cervenka
2006-05-19  8:12     ` Jan Kiszka
2006-06-06 15:20       ` s.a.
2006-06-06 13:24         ` Jan Kiszka
2006-06-07  9:05           ` s.a. [this message]
2006-06-07  9:42             ` Jan Kiszka
2006-06-09 13:28               ` Jan Kiszka
2012-04-25 10:28 Frederik Bayart
2012-04-25 10:43 ` Gilles Chanteperdrix
     [not found] ` <4F97E4AA.8090502@domain.hid>
     [not found]   ` <CALH4WdbEZL9f=ikyEezZwUwpgKaFPaf=YqbCXzNe97dt0J643w@domain.hid>
2012-04-29 15:56     ` Gilles Chanteperdrix
2012-04-29 15:56 ` Gilles Chanteperdrix
     [not found]   ` <CALH4WdaTXPmzXnUHiU1jfhKUCiBhyG+X1oA6XSK5fHXds_gLTA@mail.gmail.com>
2012-05-11 15:02     ` Frederik Bayart
2012-05-11 15:21       ` Gilles Chanteperdrix

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=448696E8.10405@domain.hid \
    --to=sancelot@domain.hid \
    --cc=grugh@domain.hid \
    --cc=jan.kiszka@domain.hid \
    --cc=xenomai@xenomai.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.