Running a Xenomai application as a regular user

As of Xenomai release 2.3.2, you can allow non-root users to access Xenomai services from user space. You only have to provide the ID of a unix group whose members shall obtain this right plus additional Linux capabilities required to work with Xenomai. To do so, either


With Xenomai 2.x

  • specify the module parameter xenomai_gid=<gid> when loading xeno_nucleus or
  • provide it to the kernel command line as xeno_nucleus.xenomai_gid=<gid> (provided the nucleus is built into the kernel) or
  • write it into sysfs (echo "<gid>" > /sys/module/xeno_nucleus/parameters/xenomai_gid)

In addition, check that /dev/rtheap and /dev/rtpipe belong to the correct group. The Xenomai-provided udev scripts assume that there is a group called xenomai, you may have to adjust this according to the local configuration.


With Xenomai 3.x

  • specify the module parameter xenomai.allowed_group=<gid> on the kernel command line as or
  • write it into sysfs (echo "<gid>" > /sys/module/xenomai/parameters/allowed_group)

In addition, check that /dev/rtpipe belongs to the correct group. The Xenomai-provided udev scripts assume that there is a group called xenomai, you may have to adjust this according to the local configuration.

Caution

Don’t believe that this mechanism allows to run Xenomai applications in whatever securely confined way! We grant CAP_SYS_RAWIO to all Xenomai users, some Xenomai services can easily be corrupted/exploited from user space (those based on shared heaps e.g.), and no one audits the core or all the drivers for security. The advantage of having a separate Xenomai group instead of just assigning root access directly is being able to avoid accidental changes, nothing more!