Philippe Gerum authored
Passing --session foo/<group> will allow the members of the designated UNIX group to attach the shared heap and use the Copperplate services within a particular session. <group> may be a valid GID or group name from /etc/group. With Cobalt, such group would typically match the xenomai.allowed_group parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them must be members of a dedicated UNIX group, and the following operations should be carried out:

1. if using Cobalt, pass xenomai.gid=<group-id> on the kernel command line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm", MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session initiator (i.e. the first process establishing the session), set user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the session name with the allowed group name or id separated with a slash ('/') when starting the session initiator, i.e. --session name/<group-id|group-name>.

For instance, with {user} a member of the "xenomai" group:

    /* The initiator of session 'foo' is [root] */
    [root] ./program --session foo/xenomai

    /* Bind a non-privileged process from {user} to session 'foo' */
    {user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

    /* The initiator of session 'foo' is {user1} */
    {user1} ./program --session foo/xenomai

    /* Bind a process from {user2} to session 'foo' */
    {user2} ./program --session foo
cf21e806
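
A preflight check for steps 2 to 5 of the procedure in the commit message, written as an added example (not part of the commit or of Xenomai). All function names are hypothetical, and the udev rules file, device directory and registry root locations are supplied by the caller because the message does not fix them.

```shell
#!/bin/sh
# Added example (not Xenomai code): preflight checks for a group-shared session.
# All function names are hypothetical; file locations are supplied by the caller.

# Step 5: print the group suffix of a --session argument ("foo/xenomai" -> "xenomai").
session_group() {
    case "$1" in */?*) printf '%s\n' "${1#*/}" ;; *) return 1 ;; esac
}

# Step 2: an uncommented rtdm rule sets MODE="0660" and GROUP="<group>".
check_udev_rule() {
    grep -E '^[^#]*SUBSYSTEM=="rtdm"' "$1" | grep -F 'MODE="0660"' |
        grep -Fq "GROUP=\"$2\""
}

# Step 2 (result): no entry under the device directory deviates from <group>/0660.
check_device_nodes() {
    bad=$(find "$1" -mindepth 1 ! \( -group "$2" -perm 660 \)) || return 1
    [ -z "$bad" ]
}

# Step 3: the registry root is a directory with mode exactly 1777.
check_registry_root() {
    [ -n "$(find "$1" -maxdepth 0 -type d -perm 1777 2>/dev/null)" ]
}

# Step 4 (only needed for --shared-registry from a non-privileged initiator):
# user_allow_other is present and not commented out.
check_fuse_conf() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# preflight SESSION RULES_FILE DEVICE_DIR REGISTRY_ROOT FUSE_CONF
preflight() {
    rc=0
    grp=$(session_group "$1") || { echo "no group suffix in '$1'"; return 1; }
    check_udev_rule "$2" "$grp"    || { echo "FAIL udev rule in $2"; rc=1; }
    check_device_nodes "$3" "$grp" || { echo "FAIL node group/mode in $3"; rc=1; }
    check_registry_root "$4"       || { echo "FAIL registry root $4 is not 1777"; rc=1; }
    check_fuse_conf "$5"           || { echo "FAIL user_allow_other missing in $5"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 5 ]; then preflight "$@"; fi
```

Run it with the session argument and the four locations, for example the value given to --session, the rules file you installed, /dev/rtdm, your registry root and /etc/fuse.conf.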