Re: [Xenomai-help] Xenomai: binding failed: Operation not permitted.

[Jan Kiszka <jan.kiszka@domain.hid>]

[-- Attachment #1: Type: text/plain, Size: 1802 bytes --]

Jan Kiszka wrote:
> s.a. wrote:
>> Hi,
>>
>> In my mind , one or more rt process manages everything critical, need
>> root access for resources reasons , other processes are things like gui
>> to interact with realtime world, including  X11 applications (I know , I
>> will hurt some people, but this is the truth : X11 !) .....
>>
> 
> My point is: what do you gain by separating the RT core from the logging
> or gui application? Not much as long as the interface is not robust.
> This means that your uncritical part must not be able to interfere with
> the critical one, e.g. by acquiring some common lock or messing up a
> shared memory which is used blindly by the RT code. If your application
> design can guarantee this, ok.
> 
> But then note that Xenomai heaps are unsuited for being shared with not
> fully trusted parties: management structures reside next to the data,
> write permission is always acquired (and is required for
> allocation/release operations), access control beyond go/no-go is not
> supported. Better use "standard" (Linux) shared memory for this: Invoke
> shm_open("myshm", ...), adapt the access rights of the newly created
> /dev/shm/myshm, and let the unprivileged process attach to it.
> 

I haven't looked at this module so far in details, but from the first
quick glance I just took it looks like a simple way to open realtime
access to specific groups:

http://sourceforge.net/projects/realtime-lsm/

This still provides no privilege separation with respect to realtime
(note the comments in the README), but it doesn't enforce you to run all
RT-apps under root. So you keep at least the file system secure...

Given that this module plays with capabilities, it should work fine with
Xenomai as well (untested...).

Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 250 bytes --]