Non-root RT

From Xenomai

As of Xenomai release 2.3.2, you can allow non-root users to access Xenomai skins from user space. You only have to provide the ID of a Unix group whose members shall obtain this right, plus the additional Linux capabilities required to work with Xenomai. To do so, either

  • specify the module parameter xenomai_gid=<gid> when loading xeno_nucleus or
  • provide it on the kernel command line as xeno_nucleus.xenomai_gid=<gid> or
  • write it into sysfs (echo "<gid>" > /sys/module/xeno_nucleus/parameters/xenomai_gid)


BIG FAT WARNING

Don't believe that this mechanism allows you to run Xenomai applications in any securely confined way! We grant CAP_SYS_RAWIO to all Xenomai users, some Xenomai services can easily be corrupted/exploited from user space (e.g. those based on shared heaps), and no one audits the core or all the drivers for security. The advantage of having a separate Xenomai group instead of just assigning root access directly is being able to avoid accidental changes, nothing more!
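
Since every member of the configured group receives CAP_SYS_RAWIO, the membership of that group is worth reviewing. The shell function below is an added example, not part of the Xenomai documentation: it reads the gid from the sysfs parameter named above and lists the accounts that belong to that group, either as supplementary members or through their primary group. Treating an empty or negative parameter value as "no group configured" is an assumption, as is the function name.

```shell
#!/bin/sh
# Added example: list accounts that gain Xenomai access through xenomai_gid.
# File paths are parameters so the check can also run against copies.

# xenomai_group_members [PARAM_FILE] [GROUP_FILE] [PASSWD_FILE]
# Prints one account name per line, sorted and de-duplicated.
# Returns 2 if the parameter file is unreadable, 1 if no group is configured.
xenomai_group_members() {
    param=${1:-/sys/module/xeno_nucleus/parameters/xenomai_gid}
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}

    [ -r "$param" ] || return 2
    gid=$(tr -d '[:space:]' < "$param")

    # Assumption: an empty, negative or non-numeric value means "not set".
    case $gid in
        ''|-*|*[!0-9]*) return 1 ;;
    esac

    {
        # Supplementary members: 4th field of the matching group entry.
        awk -F: -v gid="$gid" '$3 == gid {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary group is the Xenomai group.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}
```

Called without arguments, it inspects the running system; every name it prints should be an account you would also trust with root.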
