Re: [Xenomai-help] Xenomai: binding failed: Operation not permitted.

2012-05-11 Thread Gilles Chanteperdrix
On 05/11/2012 05:02 PM, Frederik Bayart wrote:
> now with mailing list in cc
> 
> Hello Gilles,
> 
>  by adding my user to group xenomai and configuring the
>  xeno_nucleus.xenomai_gid parameter on the command line, I was able to
>  run my binary as non-root, so my problem is solved.
> 
>  However, I noticed that if I start my binary as root, and using
>  seteuid and setegid to non-root as in the example still fails. I don't
>  know whether this is normal or a bug.

It is normal. For your case to run, the fork itself must be run as root.
So, you should call again seteuid/setegid before vfork, then drop again
the rights before exec (if you do not want the exec to be run as root).

-- 
Gilles.

___
Xenomai-help mailing list
Xenomai-help@gna.org
https://mail.gna.org/listinfo/xenomai-help
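
The sequence described in the reply above (regain root before the fork, drop again before the exec), as an added C example that is not code from the thread or from Xenomai. The helper name `spawn_as` and the sample command are assumptions, and it uses fork() where the reply mentions vfork.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Xenomai code): run argv as uid/gid from a daemon
 * whose real uid is root but whose effective ids were lowered earlier with
 * setegid()/seteuid(). Returns the child's exit status, or -1 on error. */
int spawn_as(uid_t uid, gid_t gid, char *const argv[])
{
    uid_t low_uid = geteuid();
    gid_t low_gid = getegid();
    int can_switch = (getuid() == 0);      /* real uid root: euid can go back */
    int status;

    /* 1. Regain root for the fork itself: uid first, then gid. */
    if (can_switch && (seteuid(0) != 0 || setegid(0) != 0))
        return -1;
    fflush(NULL);                          /* no duplicated stdio buffers */
    pid_t pid = fork();
    if (pid == 0) {
        /* 2. Child: drop for good before exec. Groups first, uid last. */
        if (can_switch && (uid != 0 || gid != 0) &&
            (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0))
            _exit(126);
        /* Verify the drop took effect and cannot be undone. */
        if (geteuid() != uid || getegid() != gid ||
            (uid != 0 && setuid(0) == 0))
            _exit(126);
        execvp(argv[0], argv);
        _exit(127);                        /* exec failed */
    }
    /* 3. Parent: lower the effective ids again, gid first. Fail closed. */
    if (can_switch && (setegid(low_gid) != 0 || seteuid(low_uid) != 0))
        abort();
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *cmd[] = { "/bin/sh", "-c", "id", NULL };  /* constructed command */
    /* Own ids so it also runs unprivileged; a daemon would pass e.g. 1000. */
    printf("exit status %d\n", spawn_as(geteuid(), getegid(), cmd));
    return 0;
}
```

Exit status 126 means the child refused to exec because the drop failed or was reversible; 127 means the exec itself failed.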


Re: [Xenomai-help] Xenomai: binding failed: Operation not permitted.

2012-05-11 Thread Frederik Bayart
now with mailing list in cc

Hello Gilles,

 by adding my user to group xenomai and configuring the
 xeno_nucleus.xenomai_gid parameter on the command line, I was able to
 run my binary as non-root, so my problem is solved.

 However, I noticed that if I start my binary as root, and using
 seteuid and setegid to non-root as in the example still fails. I don't
 know whether this is normal or a bug.

 Frederik
>
> On 29 April 2012 17:56, Gilles Chanteperdrix wrote:
>> On 04/25/2012 12:28 PM, Frederik Bayart wrote:
>>> Hello,
>>>
>>> We are switching from linux 2.6.30.8 with xenomai 2.4.10  to linux 2.6.38.8
>>> with xenomai 2.6.0 (stable release) on debian lenny.
>>
>> If you are concerned with security (which seems to be the case since you
>> want to avoid running real-time programs as root):
>> - you should note that debian lenny is no longer maintained for security
>> updates (since February actually), so, an upgrade to squeeze is
>> recommended. Chances are that it is possible to become root when running
>> as an ordinary user on a lenny system without too much trouble.
>> - it is entirely possible that it is possible to become root abusing
>> xenomai interfaces, xenomai interfaces are not implemented with security
>> in mind.
>>
>>>
>>> In our daemon (with real pid root), we are setting effective pid and gid to
>>> 1000 and are calling popen to execute a shell command.
>>> The popen succeeds, but when I try to read the output with fgets, I get the
>>> error :
>>>
>>> Xenomai: binding failed: Operation not permitted.
>>>
>>> I verified that the effective user for both commands is the same.
>>>
>>> This was working on xenomai 2.4.10
>>> I added the user with pid 1000 already to the xenomai group but this
>>> doesn't work.
>>
>> That is not enough, you should also do what is said here:
>> http://www.xenomai.org/index.php/Non-root_RT
>>
>> --
>> Gilles.
>>

-- 
Frederik Bayart | Senior software engineer
Triphase NV | Research Park Zone 1719 | Romeinse straat 18 | B-3001 Heverlee
T  +32 2 669 06 05 | E frederik.bay...@triphase.com | W www.triphase.com



Re: [Xenomai-help] Does qemu-kvm impact realtime performance?

2012-05-11 Thread Gilles Chanteperdrix
On 05/10/2012 04:26 PM, Henri Roosen wrote:
> Hi all,
> 
> Does anyone know if running qemu-kvm impacts the realtime Xenomai
> performance of the host system?
> 
> I have a multicore x86 target that runs a Xenomai enabled kernel and a
> realtime application. Next to the realtime application I would like to
> run qemu-kvm (on one of the cores) that runs some non-realtime guest
> os. So I would like to know if qemu-kvm has an impact on the
> latencies/jitter of the realtime threads?

I would say it should have no direct impact, we should not expect kvm to
create hard irqs masking sections. However, as usual, running a whole OS
and applications inside another OS probably has a huge impact on cache,
and so should cause more jitter than running xenomai on an idle system.

-- 
Gilles.
