How to duplicate a Linux device file?

Question

In our system we use mmap() on the /dev/mem file to access a memory mapped hardware device. However, using this device file requires running the application in superuser mode (sudo) in order to write to the physical device. We are looking for a way to get rid of this limitation.

Supposedly, one can change the access permissions on the device file. However, this is not a recommended solution.

One suggestion we had is, instead of writing a new, full kernel mode device driver for the hardware, we can duplicate the /dev/mem device, changing its write permission, and use mmap() on the new device.

Reading a few manual pages, I found the mknod command. So I used it to create a special file, emem, with similar attributes to the /dev/mem file (esp., the major and Minor versions of the device) . Using the new file in my program, I still needed the duso. So, I changed its attributes to full r/w permissions, but it did not change the need for sudo.

Next, I tried changing the permissions of dev/mem itself to 0777, but it did not help either.

Which leads to the following questions:

1. Is the need for sudo privilege comes from using mmap() or from the specific devices it maps?

2. If the former, how to eliminate this?

3. If the latter, how can I duplicate the /dev/mem functionality, with full permissions?

Answer 1

According to http://www.raspberrypi.org/phpBB3/viewtopic.php?f=29&t=22515

To open /dev/mem you need both regular access permissions on the device file and the security capability CAP_SYS_RAWIO, or to be root. There is no getting around this, because full access to memory allows a lot more than just GPIO. It has huge security implications.

This is presumably checked inside the mem device driver.

The solution is to give the users that need to be able to access /dev/mem the CAP_SYS_RAWIO capability, and also put them in the kmem user group (which has read access to the device).