Hello Mark,
Did you try using a group as an alternative? I don't remember the details, but we implemented a similar method in ST.

    # Create a dedicated group
    sudo groupadd -r rpmsg

    # Give access to owner and rpmsg group
    sudo chown root:rpmsg /dev/rpmsg_ctrl0
    sudo chmod 660 /dev/rpmsg_ctrl0

    sudo usermod -aG rpmsg <user name associated to your application>

Then, as proposed by Tanmay, use udev to automate permissions, creating /etc/udev/rules.d/99-rpmsg.rules:

    KERNEL=="rpmsg_ctrl*", GROUP="rpmsg", MODE="0660"

Regards,
Arnaud
-----Original Message-----
From: Shah, Tanmay via Openamp-rp <openamp-rp@lists.openampproject.org>
Sent: Monday, February 9, 2026 7:21 PM
To: Mark Hatle mark.hatle@amd.com; tanmay.shah@amd.com; openamp-rp@lists.openampproject.org; openamp-system-reference@lists.openampproject.org
Cc: Arnaud POULIQUEN - foss arnaud.pouliquen@foss.st.com; Kannan, Arun Balaji arun.balaji.kannan@amd.com; Mathieu Poirier mathieu.poirier@linaro.org
Subject: [Openamp-rp] Re: [OA-syst-ref] RPMsg IOCTL access without root permissions from Linux userspace
On 2/6/2026 2:13 PM, Mark Hatle wrote:
On 2/6/26 11:43 AM, Shah, Tanmay via Openamp-system-reference wrote:
Hi all,
I am working on the remoteproc auto-boot feature. While working on this, I realized it should be possible to achieve RPMsg communication without root access given to the user. Existing demos don't support it, but I want to open a discussion on how that can be achieved.
One way discussed was to use IOCTLs to create RPMsg devices, and I had an open issue here: https://github.com/OpenAMP/openamp-system-reference/issues/50
I tried to modify the echo_test[1] demo and use IOCTLs instead of accessing devices from sysfs directly, but that still needs root access.
My goal is to design the following workflow for the RPMsg communication with the remote processor:
1. Linux device-tree has auto-boot property enabled.
2. During boot, driver parses auto-boot related properties, loads fw and boots rproc automatically (without user's involvement).
3. After boot, rproc firmware does name service announcement of RPMsg channels.
4. Linux creates RPMsg devices and ept based on above announcement.
5. Userspace apps use RPMsg ioctls to create ept and rpmsg devices.
6. Userspace apps use created devices for RPMsg communication with the remote processor.
As per my testing, as of now step-5 and step-6 need root access. Ideally userspace apps should be able to create/read/write/close rpmsg devices without root access (for security purposes).
Is there any other way this problem is solved? I appreciate your input.
This is a 'capabilities' issue. If a user needs to be able to do something (like run an app that communicates to another app), but it's too dangerous to give them full system root access, you'd define appropriate capabilities and then grant the user JUST the capabilities they need.
i.e. you should be able to grant the ability to read/write/close to a user. The create could require something else. So your app startup becomes:
- User/app gets root (this setuid root on the app)
- App runs, which creates the remote connection and makes it available
- User/app drops root, and moves to user permissions with an appropriate capability to use those interfaces in a 'safe' way.
I explored more about this. I think we can write a udev rule which will create devices automatically. Here is the example:
https://github.com/andersson/rpmsgexport/blob/master/README
I don't have much knowledge on writing udev rules, but I will explore and learn it.
As long as the app startup through dropping the perms is well audited, it is of minimal security concern. Then the remaining app activities are 'safe' in that they are constrained.
I have no idea offhand what capabilities that IOCTL should use, but there should be a lot of information about this. This is what I would explore.
Sure, I will explore more on IOCTL and user capabilities. There should be some way to allow a user to operate on particular devices without root privileges.
Thank you for all the information.
Tanmay
--Mark
Thank You, Tanmay
References:
[1] https://github.com/OpenAMP/openamp-system-reference/blob/main/examples/linux/rpmsg-echo-test/echo_test.c
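A check for the group-and-udev setup described at the top of this thread, as an added example that is not part of any message in the thread or of the OpenAMP project. The function names, the script name `audit_rpmsg.sh` and the `appuser` account are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the thread): audit an RPMsg control node against
# the policy discussed above: owned by a dedicated group, mode 0660.

# audit_node NODE GROUP MODE
# Returns 0 when NODE has the expected group and mode and grants nothing to
# "other"; otherwise prints each finding and returns 1.
audit_node() {
    node=$1 want_group=$2 want_mode=$3 rc=0
    if [ ! -e "$node" ]; then
        echo "MISSING: $node"
        return 1
    fi
    # %G = owning group name, %a = permission bits in octal
    have_group=$(stat -c '%G' "$node") || return 1
    have_mode=$(stat -c '%a' "$node") || return 1
    if [ "$have_group" != "$want_group" ]; then
        echo "GROUP: $node is group '$have_group', expected '$want_group'"
        rc=1
    fi
    # Compare numerically so that 660 and 0660 are treated as equal.
    if [ "$((0$have_mode))" -ne "$((0$want_mode))" ]; then
        echo "MODE: $node is $have_mode, expected $want_mode"
        rc=1
    fi
    # Any bit set for "other" exposes the node to users outside the group.
    if [ "$((0$have_mode & 7))" -ne 0 ]; then
        echo "WORLD: $node is accessible to users outside $want_group"
        rc=1
    fi
    return $rc
}

# user_in_group USER GROUP
# Returns 0 when the account database lists USER as a member of GROUP.
# A session started before "usermod -aG" keeps its old groups until re-login.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# Usage (hypothetical names): sh audit_rpmsg.sh /dev/rpmsg_ctrl0 rpmsg 0660 appuser
if [ "$#" -eq 4 ]; then
    audit_node "$1" "$2" "$3" || exit 1
    user_in_group "$4" "$2" || { echo "USER: $4 is not in $2"; exit 1; }
    echo "OK: $1 matches policy and $4 is in $2"
fi
```

Running it after a reboot or a remoteproc restart shows whether the udev rule, rather than the one-off `chown`/`chmod`, is what set the node's permissions.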