Philippe Gerum wrote: > On Mon, 2007-06-25 at 15:00 +0200, Johan Borkhuis wrote: >> I am trying to run my Xenomai application as non-root. I disabled >> XENO_OPT_SECURITY_ACCESS to allow non-root users to run Xenomai >> applications. However, this causes my application to exit with the error: [...] >> Is there a way to "tweak" the CAP_IPC_LOCK capability of the system or >> the task so that I can run mlockall call, or is there a way to disable >> this check on Xenomai? > >No way to disable it, since doing so would basically make your system >dysfunctional by risking page faults while not running over a regular >Linux context (i.e. Xenomai's primary domain).
I think Johan was not asking to disable the mlockall, but to allow some non-root user to be able to do it. He found his solution anyway, which is worth an entry in the FAQ. Since it is going to be a FAQ for those people in embedded business, some tricks to allow non-root operation of mlockall, SCHED_FIFO, etc., would be useful. For example, you may hack the commoncap in linux/security/, or a better solution would be to rely on realtime-lsm[1][2], thanks to the audio folks. [1] http://sourceforge.net/projects/realtime-lsm/ [2] http://lwn.net/Articles/110346/ Best Regards, -- Stephane _______________________________________________ Xenomai-help mailing list [email protected] https://mail.gna.org/listinfo/xenomai-help
