| 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 <2021> 2022 2023 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 <2021> 2022 2023 2024 |
| <== Date ==> | <== Thread ==> |
|---|
| Subject: | Re: setcap and nosuid |
| From: | "Siddons, David via Tech-talk" <tech-talk at aps.anl.gov> |
| To: | Michael Davidsaver <mdavidsaver at gmail.com> |
| Cc: | EPICS Tech-Talk <tech-talk at aps.anl.gov> |
| Date: | Tue, 2 Feb 2021 19:42:50 +0000 |
|
At least I still have the root fallback 😉 But I'll try the gpio driver approach.
Do you have any feeling about the relative speed of mmap and ioctl?
Pete.
From: Michael Davidsaver <mdavidsaver at gmail.com>
Sent: Tuesday, February 2, 2021 2:39 PM To: Siddons, David <siddons at bnl.gov> Cc: EPICS Tech-Talk <tech-talk at aps.anl.gov> Subject: Re: setcap and nosuid On 2/2/21 10:49 AM, Siddons, David wrote:
> Well, everything works fine when running as root. Ah, this is an important data point. This brings us around to Linux capabilities. It might be sufficient if you were able to set a file capability of CAP_SYS_RAWIO. > I am just being encouraged to stop doing that 🙂 Sage advice. And I should probably stop encouraging you to keep trying with /dev/mem then :) > Pete. > > ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ > *From:* Michael Davidsaver <mdavidsaver at gmail.com> > *Sent:* Tuesday, February 2, 2021 1:48 PM > *To:* Siddons, David <siddons at bnl.gov> > *Cc:* EPICS Tech-Talk <tech-talk at aps.anl.gov> > *Subject:* Re: setcap and nosuid > > On 2/2/21 10:09 AM, Siddons, David wrote: >> Hi Michael, >> Setting 0666 doesn't help. > > Maybe your kernel doesn't have /dev/mem enabled either? > >> $ grep DEVMEM /boot/config-5.9.0-0.bpo.5-amd64 >> CONFIG_DEVMEM=y >> CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y >> CONFIG_STRICT_DEVMEM=y >> CONFIG_IO_STRICT_DEVMEM=y > > > >> THanks for the link. I missed that before. It looks like the right way to go. I'll dig into it. >> >> Pete. >> >> >> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ >> *From:* Michael Davidsaver <mdavidsaver at gmail.com> >> *Sent:* Tuesday, February 2, 2021 12:13 PM >> *To:* Siddons, David <siddons at bnl.gov> >> *Cc:* EPICS Tech-Talk <tech-talk at aps.anl.gov> >> *Subject:* Re: setcap and nosuid >> >> On 2/2/21 8:57 AM, Siddons, David wrote: >>> Hi David, >>> Yes, I saw that. Changing it doesn't seem to help: >>> >>> sudo chmod g+w /dev/mem >>> ls -l /dev/mem >>> crw-rw---- 1 root kmem 1, 1 Feb 1 21:05 /dev/mem >>> >>> ./regrw R 1 ( a program which maps the FPGA registers to userspace) >>> Reading Register 1 >>> Can't open /dev/mem >> >> Have you tried chmod 0666 to make sure this is really a permission problem? >> The "Can't open" could also print 'errno'. >> >> Also, I feel obligated to repeat myself in recommending against using >> /dev/mem in any kind of long term solution. There are safer ways >> to grant access to specific MMIO ranges. >> >> https://epics.anl.gov/tech-talk/2020/msg02201.php <https://epics.anl.gov/tech-talk/2020/msg02201.php> <https://epics.anl.gov/tech-talk/2020/msg02201.php <https://epics.anl.gov/tech-talk/2020/msg02201.php>> > |