[PATCH] gnulinux capabilities(7) support

Hi,

I just noticed that using capabilities(7) to configure SCHED_RT
permissions did not work, because in os/gnulinux/fosi_internal.cpp
SCHED_RT is squelched to SCHED_OTHER if no rlimits are configured and
we are not root (although spawning a RT thread would work because of
the configured capabilities)

Below an experimental patch that extends gnulinux/fosi_internal to
check for possible capabilities. With this the deployers
(deployer-gnulinux, rttlua-gnulinux) can be configured with
CAP_SYS_NICE to permit spawning threads with RT priorities, ie:

$ sudo setcap cap_sys_nice=ep rttlua-gnulinux

The patch uses libcap-ng, and Works Fine Here (TM). What makes it
experimental is the integration into the build system :-) (maybe sb
can take a look?)

Regards
Markus

From 0a861cbdf6c2807dde3b436fc6bc35b1d6764aad Mon Sep 17 00:00:00 2001
From: Markus Klotzbuecher <markus [dot] klotzbuecher [..] ...>
Date: Mon, 2 Apr 2012 15:05:59 +0200
Subject: [PATCH] add basic capabilities support on gnulinux

---
rtt/CMakeLists.txt | 2 ++
rtt/os/gnulinux/fosi_internal.cpp | 15 ++++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/rtt/CMakeLists.txt b/rtt/CMakeLists.txt
index 3bb597e..abba762 100644

[PATCH] gnulinux capabilities(7) support

On Mon, Apr 2, 2012 at 3:26 PM, Markus Klotzbuecher <
markus [dot] klotzbuecher [..] ...> wrote:

> Hi,
>
> I just noticed that using capabilities(7) to configure SCHED_RT
> permissions did not work, because in os/gnulinux/fosi_internal.cpp
> SCHED_RT is squelched to SCHED_OTHER if no rlimits are configured and
> we are not root (although spawning a RT thread would work because of
> the configured capabilities)
>
> Below an experimental patch that extends gnulinux/fosi_internal to
> check for possible capabilities. With this the deployers
> (deployer-gnulinux, rttlua-gnulinux) can be configured with
> CAP_SYS_NICE to permit spawning threads with RT priorities, ie:
>
> $ sudo setcap cap_sys_nice=ep rttlua-gnulinux
>
> The patch uses libcap-ng, and Works Fine Here (TM). What makes it
> experimental is the integration into the build system :-) (maybe sb
> can take a look?)
>

I've applied your patch and then added a second patch to clean it up, on
the toolchain-2.5 branch.

It now also Works Fine Here (tm). If the cap-ng is not detected, we don't
use it.

Peter

[PATCH] gnulinux capabilities(7) support

On Thu, May 10, 2012 at 04:47:35PM +0200, Peter Soetens wrote:
> On Mon, Apr 2, 2012 at 3:26 PM, Markus Klotzbuecher <
> markus [dot] klotzbuecher [..] ...> wrote:
>
> > Hi,
> >
> > I just noticed that using capabilities(7) to configure SCHED_RT
> > permissions did not work, because in os/gnulinux/fosi_internal.cpp
> > SCHED_RT is squelched to SCHED_OTHER if no rlimits are configured and
> > we are not root (although spawning a RT thread would work because of
> > the configured capabilities)
> >
> > Below an experimental patch that extends gnulinux/fosi_internal to
> > check for possible capabilities. With this the deployers
> > (deployer-gnulinux, rttlua-gnulinux) can be configured with
> > CAP_SYS_NICE to permit spawning threads with RT priorities, ie:
> >
> > $ sudo setcap cap_sys_nice=ep rttlua-gnulinux
> >
> > The patch uses libcap-ng, and Works Fine Here (TM). What makes it
> > experimental is the integration into the build system :-) (maybe sb
> > can take a look?)
> >
>
> I've applied your patch and then added a second patch to clean it up, on the
> toolchain-2.5 branch.
>
> It now also Works Fine Here (tm). If the cap-ng is not detected, we don't use
> it.

Great, thanks!
Markus