Open MPI logo

Open MPI Development Mailing List Archives

  |   Home   |   Support   |   FAQ   |   all Development mailing list

Subject: Re: [OMPI devel] Cross Memory Attach: What am I Missing?
From: Christopher Yeoh (cyeoh_at_[hidden])
Date: 2012-10-18 19:57:27

Hi Sam,

On Thu, 18 Oct 2012 15:08:59 +0000
"Gutierrez, Samuel K" <samuel_at_[hidden]> wrote:
> I really appreciate your pointing me in the right direction. It turns
> out that on this particular system had /etc/sysctl.d/10-ptrace.conf
> was set to 1. Changing this to 0 fixed the problem. I'm not sure if
> this is the best way of getting things to work, but is sufficient for
> my purposes.

Yes I think this is the best way to do it. The kernel side
implementation of CMA does the same permission checking as as ptrace
(checks to see if PTRACE_MODE_ATTACH would be permitted). A value of 1
in that config file only allows you to ptrace direct child processes,
whereas a 0 removes that restriction.

You still need to either have CAP_SYS_PTRACE (eg am probably root) or
have the same UID/GID as the target. So from a security point of view
the only extra risk you have exposed your system to are bugs that may
exist in the ptrace or CMA implementations.



> Thanks!
> Sam
> ________________________________
> From: devel-bounces_at_[hidden] [devel-bounces_at_[hidden]] on
> behalf of George Bosilca [bosilca_at_[hidden]] Sent: Thursday,
> October 18, 2012 7:44 AM To: Open MPI Developers
> Subject: Re: [OMPI devel] Cross Memory Attach: What am I Missing?
> Check the permissions granted by pam. Look in the /etc/security to
> check for any type of restrictions.
> george.
> On Oct 17, 2012, at 23:30 , "Gutierrez, Samuel K"
> <samuel_at_[hidden]<mailto:samuel_at_[hidden]>> wrote:
> Hi,
> I'm trying to run with CMA support, but process_vm_readv is failing
> with EPERM when trying to use it as a regular user (everything seems
> to work fine as root). I've looked around for some solutions, but I
> can't seem to find what I'm looking for. The documentation states
> that the target and source processes need to have the same GID and
> UID to work properly. It appears that they do, so my feeling is that
> I'm missing something.
> Any help is greatly appreciated.
> Thanks,
> Sam
> _______________________________________________
> devel mailing list
> devel_at_[hidden]<mailto:devel_at_[hidden]>