Re: setcap and nosuid

["Siddons, David via Tech-talk" <tech-talk at aps.anl.gov>]

Well, everything works fine when running as root. I am just being encouraged to stop doing that 🙂

Pete.

---

From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, February 2, 2021 1:48 PM
To: Siddons, David <siddons at bnl.gov>
Cc: EPICS Tech-Talk <tech-talk at aps.anl.gov>
Subject: Re: setcap and nosuid

 

On 2/2/21 10:09 AM, Siddons, David wrote:
> Hi Michael,
>    Setting 0666 doesn't help.

Maybe your kernel doesn't have /dev/mem enabled either?

> $ grep DEVMEM /boot/config-5.9.0-0.bpo.5-amd64
> CONFIG_DEVMEM=y
> CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
> CONFIG_STRICT_DEVMEM=y
> CONFIG_IO_STRICT_DEVMEM=y



> THanks for the link. I missed that before. It looks like the right way to go. I'll dig into it.
>
> Pete.
>
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> *From:* Michael Davidsaver <mdavidsaver at gmail.com>
> *Sent:* Tuesday, February 2, 2021 12:13 PM
> *To:* Siddons, David <siddons at bnl.gov>
> *Cc:* EPICS Tech-Talk <tech-talk at aps.anl.gov>
> *Subject:* Re: setcap and nosuid
>  
> On 2/2/21 8:57 AM, Siddons, David wrote:
>> Hi David,
>> Yes, I saw that. Changing it doesn't seem to help:
>>
>> sudo chmod g+w /dev/mem                                                  
>> ls -l /dev/mem                                                      
>> crw-rw---- 1 root kmem 1, 1 Feb  1 21:05 /dev/mem
>>
>> ./regrw R 1   ( a program which maps the FPGA registers to userspace)
>> Reading Register 1                                                             
>> Can't open /dev/mem
>
> Have you tried chmod 0666 to make sure this is really a permission problem?
> The "Can't open" could also print 'errno'.
>
> Also, I feel obligated to repeat myself in recommending against using
> /dev/mem in any kind of long term solution.  There are safer ways
> to grant access to specific MMIO ranges.
>
> https://epics.anl.gov/tech-talk/2020/msg02201.php <https://epics.anl.gov/tech-talk/2020/msg02201.php>