[Xenomai-git] Philippe Gerum : copperplate: enable group-based access to sessions

2015-10-06 Thread git repository hosting 
Module: xenomai-3
Branch: master
Commit: cf21e806295981a9d0e342f683bfef419b6e3c68
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cf21e806295981a9d0e342f683bfef419b6e3c68

Author: Philippe Gerum 
Date:   Fri Sep 11 18:47:24 2015 +0200

copperplate: enable group-based access to sessions

Passing --session foo/ will allow the members of the designated
UNIX group to attach the shared heap and use the Copperplate services
within a particular session.

 may be a valid GID or group name from /etc/group.  With
Cobalt, such group would typically match the xenomai.allowed_group
parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them
must be members of a dedicated UNIX group, and the following
operations should be carried out:

1. if using Cobalt, pass xenomai.gid= on the kernel command
line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group
permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm",
MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is
recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session
initiator (i.e. the first process establishing the session), set
user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the
session name with the allowed group name or id separated with a slash
('/') when starting the session initiator, i.e. --session
name/.

For instance, with {user} a member of the "xenomai" group:

/* The initiator of session 'foo' is [root] */
[root] ./program --session foo/xenomai

/* Bind a non-privileged process from {user} to session 'foo' */
{user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

/* The initiator of session 'foo' is {user1} */
{user1} ./program --session foo/xenomai

/* Bind a process from {user2} to session 'foo' */
{user2} ./program --session foo

---

 include/copperplate/heapobj.h |8 --
 include/copperplate/threadobj.h   |3 +-
 include/copperplate/tunables.h|   11 
 lib/copperplate/cluster.c |5 +++-
 lib/copperplate/heapobj-pshared.c |   55 -
 lib/copperplate/init.c|   47 +--
 lib/copperplate/internal.c|   10 +++
 lib/copperplate/internal.h|2 ++
 lib/copperplate/registry.c|5 ++--
 lib/copperplate/threadobj.c   |   50 +
 10 files changed, 150 insertions(+), 46 deletions(-)

diff --git a/include/copperplate/heapobj.h b/include/copperplate/heapobj.h
index c61cf3e..4cf947e 100644
--- a/include/copperplate/heapobj.h
+++ b/include/copperplate/heapobj.h
@@ -192,11 +192,6 @@ struct sysgroup_memspec {
struct holder next;
 };
 
-struct agent_memspec {
-   /** Agent pid in owner process. */
-   pid_t pid;
-};
-
 static inline void *mainheap_ptr(memoff_t off)
 {
return off ? (void *)__memptr(__main_heap, off) : NULL;
@@ -326,9 +321,6 @@ char *xnstrdup(const char *ptr);
 struct sysgroup_memspec {
 };
 
-struct agent_memspec {
-};
-
 /*
  * Whether an object is laid in some shared heap. Never if pshared
  * mode is disabled.
diff --git a/include/copperplate/threadobj.h b/include/copperplate/threadobj.h
index 1d01709..f27c111 100644
--- a/include/copperplate/threadobj.h
+++ b/include/copperplate/threadobj.h
@@ -212,7 +212,6 @@ struct threadobj {
struct traceobj *tracer;
sem_t *cancel_sem;
struct sysgroup_memspec memspec;
-   struct agent_memspec agent;
struct backtrace_data btd;
 };
 
@@ -392,7 +391,7 @@ static inline int threadobj_local_p(struct threadobj *thobj)
 
 void threadobj_init_key(void);
 
-int threadobj_pkg_init(void);
+int threadobj_pkg_init(int anon_session);
 
 #ifdef __cplusplus
 }
diff --git a/include/copperplate/tunables.h b/include/copperplate/tunables.h
index 8428716..640b8b4 100644
--- a/include/copperplate/tunables.h
+++ b/include/copperplate/tunables.h
@@ -27,6 +27,7 @@ struct copperplate_setup_data {
int no_registry;
int shared_registry;
size_t mem_pool;
+   gid_t session_gid;
 };
 
 #ifdef __cplusplus
@@ -85,6 +86,16 @@ static inline read_config_tunable(mem_pool_size, size_t)
return __copperplate_setup_data.mem_pool;
 }
 
+static inline define_config_tunable(session_gid, gid_t, gid)
+{
+   __copperplate_setup_data.session_gid = gid;
+}
+
+static inline read_config_tunable(session_gid, gid_t)
+{
+   return __copperplate_setup_data.session_gid;
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/copperplate/cluster.c b/lib/copperplate/cluster.c
index eac0afe..f0552f0 100644
--- a/lib/copperplate/cluster.c
+++ b/lib/copperplate/cluster.c
@@ -174,8 +174,11 @@ static int cluster_probe(struct hashobj *hobj)
 * we can send the

[Xenomai-git] Philippe Gerum : copperplate: enable group-based access to sessions

2015-10-03 Thread git repository hosting 
Module: xenomai-3
Branch: arm64
Commit: cf21e806295981a9d0e342f683bfef419b6e3c68
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cf21e806295981a9d0e342f683bfef419b6e3c68

Author: Philippe Gerum 
Date:   Fri Sep 11 18:47:24 2015 +0200

copperplate: enable group-based access to sessions

Passing --session foo/ will allow the members of the designated
UNIX group to attach the shared heap and use the Copperplate services
within a particular session.

 may be a valid GID or group name from /etc/group.  With
Cobalt, such group would typically match the xenomai.allowed_group
parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them
must be members of a dedicated UNIX group, and the following
operations should be carried out:

1. if using Cobalt, pass xenomai.gid= on the kernel command
line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group
permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm",
MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is
recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session
initiator (i.e. the first process establishing the session), set
user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the
session name with the allowed group name or id separated with a slash
('/') when starting the session initiator, i.e. --session
name/.

For instance, with {user} a member of the "xenomai" group:

/* The initiator of session 'foo' is [root] */
[root] ./program --session foo/xenomai

/* Bind a non-privileged process from {user} to session 'foo' */
{user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

/* The initiator of session 'foo' is {user1} */
{user1} ./program --session foo/xenomai

/* Bind a process from {user2} to session 'foo' */
{user2} ./program --session foo

---

 include/copperplate/heapobj.h |8 --
 include/copperplate/threadobj.h   |3 +-
 include/copperplate/tunables.h|   11 
 lib/copperplate/cluster.c |5 +++-
 lib/copperplate/heapobj-pshared.c |   55 -
 lib/copperplate/init.c|   47 +--
 lib/copperplate/internal.c|   10 +++
 lib/copperplate/internal.h|2 ++
 lib/copperplate/registry.c|5 ++--
 lib/copperplate/threadobj.c   |   50 +
 10 files changed, 150 insertions(+), 46 deletions(-)

diff --git a/include/copperplate/heapobj.h b/include/copperplate/heapobj.h
index c61cf3e..4cf947e 100644
--- a/include/copperplate/heapobj.h
+++ b/include/copperplate/heapobj.h
@@ -192,11 +192,6 @@ struct sysgroup_memspec {
struct holder next;
 };
 
-struct agent_memspec {
-   /** Agent pid in owner process. */
-   pid_t pid;
-};
-
 static inline void *mainheap_ptr(memoff_t off)
 {
return off ? (void *)__memptr(__main_heap, off) : NULL;
@@ -326,9 +321,6 @@ char *xnstrdup(const char *ptr);
 struct sysgroup_memspec {
 };
 
-struct agent_memspec {
-};
-
 /*
  * Whether an object is laid in some shared heap. Never if pshared
  * mode is disabled.
diff --git a/include/copperplate/threadobj.h b/include/copperplate/threadobj.h
index 1d01709..f27c111 100644
--- a/include/copperplate/threadobj.h
+++ b/include/copperplate/threadobj.h
@@ -212,7 +212,6 @@ struct threadobj {
struct traceobj *tracer;
sem_t *cancel_sem;
struct sysgroup_memspec memspec;
-   struct agent_memspec agent;
struct backtrace_data btd;
 };
 
@@ -392,7 +391,7 @@ static inline int threadobj_local_p(struct threadobj *thobj)
 
 void threadobj_init_key(void);
 
-int threadobj_pkg_init(void);
+int threadobj_pkg_init(int anon_session);
 
 #ifdef __cplusplus
 }
diff --git a/include/copperplate/tunables.h b/include/copperplate/tunables.h
index 8428716..640b8b4 100644
--- a/include/copperplate/tunables.h
+++ b/include/copperplate/tunables.h
@@ -27,6 +27,7 @@ struct copperplate_setup_data {
int no_registry;
int shared_registry;
size_t mem_pool;
+   gid_t session_gid;
 };
 
 #ifdef __cplusplus
@@ -85,6 +86,16 @@ static inline read_config_tunable(mem_pool_size, size_t)
return __copperplate_setup_data.mem_pool;
 }
 
+static inline define_config_tunable(session_gid, gid_t, gid)
+{
+   __copperplate_setup_data.session_gid = gid;
+}
+
+static inline read_config_tunable(session_gid, gid_t)
+{
+   return __copperplate_setup_data.session_gid;
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/copperplate/cluster.c b/lib/copperplate/cluster.c
index eac0afe..f0552f0 100644
--- a/lib/copperplate/cluster.c
+++ b/lib/copperplate/cluster.c
@@ -174,8 +174,11 @@ static int cluster_probe(struct hashobj *hobj)
 * we can send the

[Xenomai-git] Philippe Gerum : copperplate: enable group-based access to sessions

2015-09-14 Thread git repository hosting 
Module: xenomai-3
Branch: numalliance
Commit: cf21e806295981a9d0e342f683bfef419b6e3c68
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cf21e806295981a9d0e342f683bfef419b6e3c68

Author: Philippe Gerum 
Date:   Fri Sep 11 18:47:24 2015 +0200

copperplate: enable group-based access to sessions

Passing --session foo/ will allow the members of the designated
UNIX group to attach the shared heap and use the Copperplate services
within a particular session.

 may be a valid GID or group name from /etc/group.  With
Cobalt, such group would typically match the xenomai.allowed_group
parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them
must be members of a dedicated UNIX group, and the following
operations should be carried out:

1. if using Cobalt, pass xenomai.gid= on the kernel command
line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group
permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm",
MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is
recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session
initiator (i.e. the first process establishing the session), set
user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the
session name with the allowed group name or id separated with a slash
('/') when starting the session initiator, i.e. --session
name/.

For instance, with {user} a member of the "xenomai" group:

/* The initiator of session 'foo' is [root] */
[root] ./program --session foo/xenomai

/* Bind a non-privileged process from {user} to session 'foo' */
{user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

/* The initiator of session 'foo' is {user1} */
{user1} ./program --session foo/xenomai

/* Bind a process from {user2} to session 'foo' */
{user2} ./program --session foo

---

 include/copperplate/heapobj.h |8 --
 include/copperplate/threadobj.h   |3 +-
 include/copperplate/tunables.h|   11 
 lib/copperplate/cluster.c |5 +++-
 lib/copperplate/heapobj-pshared.c |   55 -
 lib/copperplate/init.c|   47 +--
 lib/copperplate/internal.c|   10 +++
 lib/copperplate/internal.h|2 ++
 lib/copperplate/registry.c|5 ++--
 lib/copperplate/threadobj.c   |   50 +
 10 files changed, 150 insertions(+), 46 deletions(-)

diff --git a/include/copperplate/heapobj.h b/include/copperplate/heapobj.h
index c61cf3e..4cf947e 100644
--- a/include/copperplate/heapobj.h
+++ b/include/copperplate/heapobj.h
@@ -192,11 +192,6 @@ struct sysgroup_memspec {
struct holder next;
 };
 
-struct agent_memspec {
-   /** Agent pid in owner process. */
-   pid_t pid;
-};
-
 static inline void *mainheap_ptr(memoff_t off)
 {
return off ? (void *)__memptr(__main_heap, off) : NULL;
@@ -326,9 +321,6 @@ char *xnstrdup(const char *ptr);
 struct sysgroup_memspec {
 };
 
-struct agent_memspec {
-};
-
 /*
  * Whether an object is laid in some shared heap. Never if pshared
  * mode is disabled.
diff --git a/include/copperplate/threadobj.h b/include/copperplate/threadobj.h
index 1d01709..f27c111 100644
--- a/include/copperplate/threadobj.h
+++ b/include/copperplate/threadobj.h
@@ -212,7 +212,6 @@ struct threadobj {
struct traceobj *tracer;
sem_t *cancel_sem;
struct sysgroup_memspec memspec;
-   struct agent_memspec agent;
struct backtrace_data btd;
 };
 
@@ -392,7 +391,7 @@ static inline int threadobj_local_p(struct threadobj *thobj)
 
 void threadobj_init_key(void);
 
-int threadobj_pkg_init(void);
+int threadobj_pkg_init(int anon_session);
 
 #ifdef __cplusplus
 }
diff --git a/include/copperplate/tunables.h b/include/copperplate/tunables.h
index 8428716..640b8b4 100644
--- a/include/copperplate/tunables.h
+++ b/include/copperplate/tunables.h
@@ -27,6 +27,7 @@ struct copperplate_setup_data {
int no_registry;
int shared_registry;
size_t mem_pool;
+   gid_t session_gid;
 };
 
 #ifdef __cplusplus
@@ -85,6 +86,16 @@ static inline read_config_tunable(mem_pool_size, size_t)
return __copperplate_setup_data.mem_pool;
 }
 
+static inline define_config_tunable(session_gid, gid_t, gid)
+{
+   __copperplate_setup_data.session_gid = gid;
+}
+
+static inline read_config_tunable(session_gid, gid_t)
+{
+   return __copperplate_setup_data.session_gid;
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/copperplate/cluster.c b/lib/copperplate/cluster.c
index eac0afe..f0552f0 100644
--- a/lib/copperplate/cluster.c
+++ b/lib/copperplate/cluster.c
@@ -174,8 +174,11 @@ static int cluster_probe(struct hashobj *hobj)
 * we can send

[Xenomai-git] Philippe Gerum : copperplate: enable group-based access to sessions

2015-09-14 Thread git repository hosting 
Module: xenomai-3
Branch: next
Commit: cf21e806295981a9d0e342f683bfef419b6e3c68
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cf21e806295981a9d0e342f683bfef419b6e3c68

Author: Philippe Gerum 
Date:   Fri Sep 11 18:47:24 2015 +0200

copperplate: enable group-based access to sessions

Passing --session foo/ will allow the members of the designated
UNIX group to attach the shared heap and use the Copperplate services
within a particular session.

 may be a valid GID or group name from /etc/group.  With
Cobalt, such group would typically match the xenomai.allowed_group
parameter passed to the kernel.

To set up a shared session involving non-privileged users, all of them
must be members of a dedicated UNIX group, and the following
operations should be carried out:

1. if using Cobalt, pass xenomai.gid= on the kernel command
line accordingly

2. set udev rules to chown+chmod /dev/rtdm/* files with proper group
permissions (e.g. for user group "xenomai" => SUBSYSTEM=="rtdm",
MODE="0660", GROUP="xenomai")

3. create the registry root manually with proper permissions, 1777 is
recommended if non-privileged processes will belong to the session

4. if --shared-registry is required from a non-privileged session
initiator (i.e. the first process establishing the session), set
user_allow_other in /etc/fuse.conf

5. to start a session with group-based access control, suffix the
session name with the allowed group name or id separated with a slash
('/') when starting the session initiator, i.e. --session
name/.

For instance, with {user} a member of the "xenomai" group:

/* The initiator of session 'foo' is [root] */
[root] ./program --session foo/xenomai

/* Bind a non-privileged process from {user} to session 'foo' */
{user} ./program --session foo

Or, with {user1} and {user2} both members of the "xenomai" group:

/* The initiator of session 'foo' is {user1} */
{user1} ./program --session foo/xenomai

/* Bind a process from {user2} to session 'foo' */
{user2} ./program --session foo

---

 include/copperplate/heapobj.h |8 --
 include/copperplate/threadobj.h   |3 +-
 include/copperplate/tunables.h|   11 
 lib/copperplate/cluster.c |5 +++-
 lib/copperplate/heapobj-pshared.c |   55 -
 lib/copperplate/init.c|   47 +--
 lib/copperplate/internal.c|   10 +++
 lib/copperplate/internal.h|2 ++
 lib/copperplate/registry.c|5 ++--
 lib/copperplate/threadobj.c   |   50 +
 10 files changed, 150 insertions(+), 46 deletions(-)

diff --git a/include/copperplate/heapobj.h b/include/copperplate/heapobj.h
index c61cf3e..4cf947e 100644
--- a/include/copperplate/heapobj.h
+++ b/include/copperplate/heapobj.h
@@ -192,11 +192,6 @@ struct sysgroup_memspec {
struct holder next;
 };
 
-struct agent_memspec {
-   /** Agent pid in owner process. */
-   pid_t pid;
-};
-
 static inline void *mainheap_ptr(memoff_t off)
 {
return off ? (void *)__memptr(__main_heap, off) : NULL;
@@ -326,9 +321,6 @@ char *xnstrdup(const char *ptr);
 struct sysgroup_memspec {
 };
 
-struct agent_memspec {
-};
-
 /*
  * Whether an object is laid in some shared heap. Never if pshared
  * mode is disabled.
diff --git a/include/copperplate/threadobj.h b/include/copperplate/threadobj.h
index 1d01709..f27c111 100644
--- a/include/copperplate/threadobj.h
+++ b/include/copperplate/threadobj.h
@@ -212,7 +212,6 @@ struct threadobj {
struct traceobj *tracer;
sem_t *cancel_sem;
struct sysgroup_memspec memspec;
-   struct agent_memspec agent;
struct backtrace_data btd;
 };
 
@@ -392,7 +391,7 @@ static inline int threadobj_local_p(struct threadobj *thobj)
 
 void threadobj_init_key(void);
 
-int threadobj_pkg_init(void);
+int threadobj_pkg_init(int anon_session);
 
 #ifdef __cplusplus
 }
diff --git a/include/copperplate/tunables.h b/include/copperplate/tunables.h
index 8428716..640b8b4 100644
--- a/include/copperplate/tunables.h
+++ b/include/copperplate/tunables.h
@@ -27,6 +27,7 @@ struct copperplate_setup_data {
int no_registry;
int shared_registry;
size_t mem_pool;
+   gid_t session_gid;
 };
 
 #ifdef __cplusplus
@@ -85,6 +86,16 @@ static inline read_config_tunable(mem_pool_size, size_t)
return __copperplate_setup_data.mem_pool;
 }
 
+static inline define_config_tunable(session_gid, gid_t, gid)
+{
+   __copperplate_setup_data.session_gid = gid;
+}
+
+static inline read_config_tunable(session_gid, gid_t)
+{
+   return __copperplate_setup_data.session_gid;
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/lib/copperplate/cluster.c b/lib/copperplate/cluster.c
index eac0afe..f0552f0 100644
--- a/lib/copperplate/cluster.c
+++ b/lib/copperplate/cluster.c
@@ -174,8 +174,11 @@ static int cluster_probe(struct hashobj *hobj)
 * we can send the