I am trying to write a simple application that can read msr registers, and am running this application from userspace.
I have loaded the msr module and given read permissions for everyone to /dev/cpu/*/msr. But still the user is not able to access these files but the root can.
The permissions look like this:
crw-r--r-- 1 root root 202, 0 sep 6 17:55 /dev/cpu/0/msr
crw-r--r-- 1 root root 202, 1 sep 6 17:55 /dev/cpu/1/msr
crw-r--r-- 1 root root 202, 2 sep 6 17:55 /dev/cpu/2/msr
crw-r--r-- 1 root root 202, 3 sep 6 17:55 /dev/cpu/3/msr
I keep getting "Operation not permitted" error message when I try to read these files from userspace but works fine when root tries to access them. What am I doing wrong? I am on Ubuntu 13.04 with kernel version 3.11.0.
Changes in the mainline Linux kernel since around 3.7 now require an executable to have capability CAP_SYS_RAWIO to open the MSR device file [2]. Besides loading the MSR kernel module and setting the appropriate file permissions on the msr device file, one must grant the CAP_SYS_RAWIO capability to any user executable that needs access to the MSR driver, using the command below:
sudo setcap cap_sys_rawio=ep <user_executable>
For me (on debian) it helped to set the device permissions after loading the msr
module. In addition to the answer of PaulUTK, as root:
setcap cap_sys_rawio=ep <user_executable>
Setting device permission (check before):
ls -l /dev/cpu/*/msr
crw------- ... /dev/cpu/0/msr
I added a group msr
and assigned it. As root:
chgrp msr /dev/cpu/*/msr
chmod g+rw /dev/cpu/*/msr
ls -l /dev/cpu/*/msr
crw-rw---- ... /dev/cpu/0/msr
Assign the group to the user:
usermod -aG msr hardworkinguser
Bonus hint:
Apply the group as the hardworkinguser without relogin:
newgrp msr
I also heard secure boot must be disabled.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With