방화벽 구현의 일부로 다음과 같은 방식으로 정의된 속성을 사용하여 sysfs 장치를 구현하고 있습니다.
#define FILE_PERMISSIONS S_IWUSR | S_IRUGO
static DEVICE_ATTR(sysfs_att, FILE_PERMISSIONS, display, modify);
파일을 읽는 데 문제가 없습니다.
cat /sys/class/secws_class/secws_class_secws_device/sysfs_att
하지만 수정(저장) 작업을 지원하므로 다음 명령을 사용하여 장치와 상호 작용할 계획입니다.
echo "0" > /sys/class/secws_class/secws_class_secws_device/sysfs_att
그러나 이로 인해
-bash: /sys/class/secws_class/secws_class_secws_device/sysfs_att: Permission denied
sudo 와 함께 사용하는 경우에도 이런 일이 발생합니다 tee
. 또한 sys 파일에 올바른 권한이 있고 사용자에 대한 쓰기 권한이 있는지도 확인했습니다.
이미 시도한 것 외에는 이 문제를 처리할 수 있는 새로운 방법을 찾을 수 없습니다. 혹시 아이디어가 있습니까?
편집: 귀하의 요청에 따라 로그는 다음과 같습니다.
fw@fw-VirtualBox:~/HW2$ make
make -C /lib/modules/4.15.0-118-generic/build M=/home/fw/HW2 modules
make[1]: Entering directory '/usr/src/linux-headers-4.15.0-118-generic'
LD [M] /home/fw/HW2/hw2secws.o
Building modules, stage 2.
MODPOST 1 modules
LD [M] /home/fw/HW2/hw2secws.ko
make[1]: Leaving directory '/usr/src/linux-headers-4.15.0-118-generic'
fw@fw-VirtualBox:~/HW2$ sudo insmod hw2secws.ko
fw@fw-VirtualBox:~/HW2$ cat /sys/class/secws_class/secws_class_secws_device/sysfs_att
358310
fw@fw-VirtualBox:~/HW2$ echo "0" | sudo tee /sys/class/secws_class/secws_class_secws_device/sysfs_att
0
tee: /sys/class/secws_class/secws_class_secws_device/sysfs_att: Operation not permitted
fw@fw-VirtualBox:~/HW2$ echo "0" > /sys/class/secws_class/secws_class_secws_device/sysfs_att
-bash: /sys/class/secws_class/secws_class_secws_device/sysfs_att: Permission denied
fw@fw-VirtualBox:~/HW2$ ls -l /sys/class/secws_class/secws_class_secws_device/sysfs_att
-rw-r--r-- 1 root root 4096 נוב 8 21:25 /sys/class/secws_class/secws_class_secws_device/sysfs_att
fw@fw-VirtualBox:~/HW2$ sudo chown fw /sys/class/secws_class/secws_class_secws_device/sysfs_att
fw@fw-VirtualBox:~/HW2$ ls -l /sys/class/secws_class/secws_class_secws_device/sysfs_att
-rw-r--r-- 1 fw root 4096 נוב 8 21:25 /sys/class/secws_class/secws_class_secws_device/sysfs_att
fw@fw-VirtualBox:~/HW2$ echo "0" | sudo tee /sys/class/secws_class/secws_class_secws_device/sysfs_att
0
tee: /sys/class/secws_class/secws_class_secws_device/sysfs_att: Operation not permitted
fw@fw-VirtualBox:~/HW2$ echo "0" > /sys/class/secws_class/secws_class_secws_device/sysfs_att
-bash: echo: write error: Operation not permitted
그리고 MRE:
static int major_number;
static struct class* sysfs_class = NULL;
static struct device* sysfs_device = NULL;
static struct file_operations fops = {
.owner = THIS_MODULE
}
ssize_t display(struct device *dev, struct device_attribute *attr, char *buf){
...
}
ssize_t modify(struct device *dev, struct device_attribute *attr, const char *buff, size_t data_size)
{
...
}
#define FILE_PERMISSIONS S_IWUSR | S_IRUGO
static DEVICE_ATTR(sysfs_att, FILE_PERMISSIONS, display, modify);
int init_sysfs_module(void){
/* Register Char-Device */
major_number = register_chrdev(0, CHRDEV_NAME, &fops);\
if (major_number < 0)
return -1;
/* Create Sysfs-Class */
sysfs_class = class_create(THIS_MODULE, CLASS_NAME);
if (IS_ERR(sysfs_class))
{
unregister_chrdev(major_number, CHRDEV_NAME);
return -1;
}
/* Link DEVICE_NAME to sysfs_class */
sysfs_device = device_create(sysfs_class, NULL, MKDEV(major_number, 0), NULL, DEVICE_NAME);
if (IS_ERR(sysfs_device))
{
class_destroy(sysfs_class);
unregister_chrdev(major_number, CHRDEV_NAME);
return -1;
}
/* Modify the device to use defined show/store methods */
if (device_create_file(sysfs_device, (const struct device_attribute *)&dev_attr_sysfs_att.attr))
{
device_destroy(sysfs_class, MKDEV(major_number, 0));
class_destroy(sysfs_class);
unregister_chrdev(major_number, CHRDEV_NAME);
return -1;
}
return 0;
}
void deinit_sysfs_module(void){
device_remove_file(sysfs_device, (const struct device_attribute *)&dev_attr_sysfs_att.attr);
device_destroy(sysfs_class, MKDEV(major_number, 0));
class_destroy(sysfs_class);
unregister_chrdev(major_number, CHRDEV_NAME);
}
static int __init module_init_function(void) {
init_sysfs_module();
HANDLE_NF_HOOKS(REGISTER_NF_HOOKS);
return 0;
}
static void __exit module_exit_function(void) {
deinit_sysfs_module();
HANDLE_NF_HOOKS(CLEAR_NF_HOOKS);
}
module_init(module_init_function);
module_exit(module_exit_function);
편집 2: 나는 또한 다음을 시도했습니다.
fw@fw-VirtualVox:~/HW2$ sudo su -
root@fw-VirtualBox:~# echo "0" > /sys/class/secws_class/secws_class_secws_device/sysfs_att
-sw: echo: write error: Operation not permitted