Skip to content

docs: Add guide on how to give Remoteproc Runtime permission to a user #6

Closed
yejseo01 wants to merge 16 commits into
arm:mainfrom
yejseo01:docs
Closed

docs: Add guide on how to give Remoteproc Runtime permission to a user #6
yejseo01 wants to merge 16 commits into
arm:mainfrom
yejseo01:docs

Conversation

@yejseo01

@yejseo01 yejseo01 commented Oct 7, 2025

Copy link
Copy Markdown
Contributor

Remoteproc Runtime uses Remoteproc, which usually requires root permissions to write to its filesystem.

There are some extra configuration work that needs to be done to enable a non-root user to be able to use Remoteproc Runtime, and this change adds the document for it.

Changes

Checklist

  • 🤖 This change is covered by tests as required.
  • 🤹 All required manual testing has been performed.
  • 📖 All documentation updates are complete.

Remoteproc Runtime uses Remoteproc, which usually requires root
permissions to write to its filesystem.

To ensure that Remoteproc Runtime has root access, the container
engines that spawn containers with Remoteproc Runtime should be run
with root access.

Signed-off-by: Yejin Seo <yejseo01@arm.com>
@muchzill4 muchzill4 requested review from Copilot and th3james October 7, 2025 10:16

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds documentation to clarify that root permissions are required when using Remoteproc Runtime with container engines. The addition explains that remoteproc devices require root access to write to filesystem interfaces, and provides guidance on running container engines with appropriate privileges.

Key Changes:

  • Added a paragraph explaining the necessity of root permissions for remoteproc device access
  • Included guidance on running container engines (Docker daemon, K3S, Podman) with root privileges

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread docs/USAGE.md Outdated
yejseo01 and others added 3 commits October 8, 2025 09:48
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Signed-off-by: Yejin Seo <yejseo01@arm.com>
@yejseo01 yejseo01 changed the title docs: Mention the necessity of root permissions docs: Add guide on how to give Remoteproc Runtime permission to a user Oct 9, 2025
Comment thread docs/USAGE.md Outdated

@th3james th3james left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very cool that we got this working. Some suggested readability tweaks.

Comment thread docs/PERMISSION_SETTING.md Outdated
@@ -0,0 +1,51 @@
# Permission setting for non-root users' usage of Remoteproc Runtime

For non-root users to use Remoteproc Runtime, the remoteproc driver and the container engine must be accessible for this user.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
For non-root users to use Remoteproc Runtime, the remoteproc driver and the container engine must be accessible for this user.
Remoteproc Runtime processes must run with privilege to access the remoteproc sysfs entries. Remoteproc Runtime is typically invoked by the container engine, not the user directly, so the container engine process is actually the process which needs the relevant permissions.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't checked the user id inside the container engine, but I didn't need to add the container engine's user directly to the remoteproc authorized group to make it work. The suspicion I have is the container spawned in either a root or the user that spawned

Comment thread docs/PERMISSION_SETTING.md Outdated
Comment thread docs/PERMISSION_SETTING.md Outdated
Comment thread docs/PERMISSION_SETTING.md
Comment thread docs/PERMISSION_SETTING.md Outdated
Comment thread docs/PERMISSION_SETTING.md Outdated
# start/stop
echo start | tee /sys/class/remoteproc/remoteproc0/state
echo stop | tee /sys/class/remoteproc/remoteproc0/state
```

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need a last step here noting that the container engine needs to be added to this new group?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't need to add the container engine to the new group to make this work without root. What would the user be in a spawned container??

yejseo01 and others added 7 commits October 10, 2025 15:22
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
Co-authored-by: James Cox-Morton <Th3james@fastmail.fm>
Signed-off-by: yejseo01 <yejseo01@arm.com>
@yejseo01 yejseo01 closed this Oct 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants