search

eclipse-iceoryx / iceoryx

Eclipse iceoryx™ - true zero-copy inter-process-communication
https://iceoryx.io
Apache License 2.0
1.57k stars 373 forks source link

Make ACL support optional #1176

Open niclar opened 2 years ago

niclar commented 2 years ago

Brief feature description

The iceoryx ACL support does not only require a preinstalled libacl it also requires a filesystem which supports it. This is not always given, especially when one works in a docker environment or some other virtual environment like WSL in Windows.

When developing iceoryx based applications on such platform it would be helpful when one could disable this feature during development - maybe with a cmake switch like -DENABLE_ACL_SUPPORT. This could then also be used for platforms like Windows and Mac OS to disable acl support there explicitly instead of using a stub acl implementation.

original issue content

Hi roudi fails to start in wsl due to missing acl_set_fd support I belive. -Would you consider making the shared memory access control optional somehow ? -That would facilitate testing under wsl.

iceoryx_hoofs/source/posix_wrapper/access_control.cpp:72 { bool iox::posix::AccessController::writePermissionsToFile(const int32_t) const -> acl_set_fd } ::: [ 95 ] Operation not supported Error: Could not set file ACL. 2022-02-28 17:00:46.455 [ Error ]: ICEORYX error! MEPOO__SEGMENT_COULD_NOT_APPLY_POSIX_RIGHTS_TO_SHARED_MEMORY

(commit: da2d4725c6aa5d6527d8c59c43e1f9a7fc2883cb)

dkroenke commented 2 years ago

Hi, thanks for the input, can you point me which WSL version you are using? A recent test on a WSL 2 Ubuntu 20.04 image with latest iceoryx master did not show any error. Do you maybe use some special filesystem that does not support ACL? Maybe this discussion give a hint.

niclar commented 2 years ago

@dkroenke it's WSL 1 (which don't have full linux call compatibility, or implementation rather, unfortunately)

elfenpiff commented 2 years ago

@niclar I see what I can do but this may take some time.

To solve this problem locally yourself you could try to copy the file iceoryx_hoofs/platform/win/include/iceoryx_hoofs/platform/acl.hpp to iceoryx_hoofs/platform/linux/include/iceoryx_hoofs/platform/acl.hpp .

In Windows we do not support ACLs at all and replaced the libacl implementation with a stub implementation. When you copy the windows acl.hpp file to the linux platform then linux would as well use the stub implementation of windows. It is like turning of ACLs.

xixioba commented 2 years ago

I have the same problem with m1 max macos + docker + ros2 rolling image.

elfenpiff commented 2 years ago

@niclar @xixioba I updated the title and the issue description to turn this into an issue for a feature request.

I think this is something which we can start implement right after iceoryx 2.0 is released. In the meantime can you solve the problem with the hack I presented in the comment above?

niclar commented 2 years ago

Great @elfenpiff.

-I can confirm, the workaround works.

-Can it be a runtime option instead ?

dkroenke commented 2 years ago

-Can it be a runtime option instead ?

@niclar Looking at the tickets this is currently not planned, but you are invited to make a proposal Pull-Request for this.

Zard-C commented 10 months ago

@niclar I see what I can do but this may take some time.

To solve this problem locally yourself you could try to copy the file iceoryx_hoofs/platform/win/include/iceoryx_hoofs/platform/acl.hpp to iceoryx_hoofs/platform/linux/include/iceoryx_hoofs/platform/acl.hpp .

In Windows we do not support ACLs at all and replaced the libacl implementation with a stub implementation. When you copy the windows acl.hpp file to the linux platform then linux would as well use the stub implementation of windows. It is like turning of ACLs.

Thanks, it really works on macOS Intel and docker container