Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
xenomai
xenomai
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 4
    • Issues 4
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • xenomai
  • xenomaixenomai
  • Wiki
  • Running_As_Regular_User

Last edited by Philippe Gerum Feb 22, 2018
Page history

Running_As_Regular_User

Running a Xenomai application as a regular user

As of Xenomai release 2.3.2, you can allow non-root users to access Xenomai services from user space. You only have to provide the ID of a unix group whose members shall obtain this right plus additional Linux capabilities required to work with Xenomai. To do so, either

With Xenomai 2.x

  • specify the module parameter xenomai_gid=<gid> when loading xeno_nucleus or

  • provide it to the kernel command line as xeno_nucleus.xenomai_gid=<gid> (provided the nucleus is built into the kernel) or

  • write it into sysfs (echo "<gid>" > /sys/module/xeno_nucleus/parameters/xenomai_gid)

In addition, check that /dev/rtheap and /dev/rtpipe belong to the correct group. The Xenomai-provided udev scripts assume that there is a group called xenomai, you may have to adjust this according to the local configuration.

With Xenomai 3.x

  • specify the module parameter xenomai.allowed_group=<gid> on the kernel command line as or

  • write it into sysfs (echo "<gid>" > /sys/module/xenomai/parameters/allowed_group)

In addition, check that /dev/rtpipe belongs to the correct group. The Xenomai-provided udev scripts assume that there is a group called xenomai, you may have to adjust this according to the local configuration.

Don’t believe that this mechanism allows to run Xenomai applications in whatever securely confined way! We grant CAP_SYS_RAWIO to all Xenomai users, some Xenomai services can easily be corrupted/exploited from user space (those based on shared heaps e.g.), and no one audits the core or all the drivers for security. The advantage of having a separate Xenomai group instead of just assigning root access directly is being able to avoid accidental changes, nothing more!
Clone repository
  • Analogy_General_Presentation
  • Analogy_Practical_Presentation
  • App_Setup_And_Init
  • Archive
  • Benchmarking_With_Xeno_Test
  • Building_Applications_For_Xenomai_3
  • Building_Debian_Packages
  • CXP_RTDM
  • Common_Xenomai_Platform
  • Configuring_For_X86_Based_Dual_Kernels
  • Dealing_With_X86_IRQ_Sharing
  • Dealing_With_X86_SMI_Troubles
  • Dovetail
  • Driver_Serial_16550A
  • FAQ
View All Pages