Please only include one suggestion or features request per issue!
Is your feature request related to a problem? Please describe.
Camera IA model's firmware upload progress is read from /sys/kernel/debug/imx500-fw:{imx500_device_id}/fw_progress which requires the user to be a member of the sudo group to pass through /sys/kernel/debug:
$ namei -l /sys/kernel/debug/imx500-fw:10-001a/fw_progress
f: /sys/kernel/debug/imx500-fw:10-001a/fw_progress
drwxr-xr-x root root /
dr-xr-xr-x root root sys
drwxr-xr-x root root kernel
drwxr-x--- root sudo debug # <----------
drwxr-xr-x root root imx500-fw:10-001a
-r--r--r-- root root fw_progress
In a school/university/training environment, it is common to have multiple human users for a single Raspberry Pi. In such an environment giving root access (via sudo) to the user used by the trainees is not always wanted.
Describe the solution you'd like
A solution would be to implement a dedicated command that does cat /sys/kernel/debug/imx500-fw:10-001a/fw_progress and spawns this command instead of opening the file at IMX500.init. The command could then be runnable by member of the sudo group. This approach is backward compatible with current behavior and allow other users to add sudo access only to that specific command instead of complete sudo access.
Describe alternatives you've considered
A dedicated debugfs group could be set for access to /sys/kernel/debug instead of the sudo group, but that give access to the entire /sys/kernel/debug directory. As far as I can tell, the picamera2 library only access this directory for monitoring the firmware upload progress.
Additional context
If the suggested approach is validated, I will send a PR.
Please only include one suggestion or features request per issue!
Is your feature request related to a problem? Please describe.
Camera IA model's firmware upload progress is read from
/sys/kernel/debug/imx500-fw:{imx500_device_id}/fw_progresswhich requires the user to be a member of thesudogroup to pass through/sys/kernel/debug:$ namei -l /sys/kernel/debug/imx500-fw:10-001a/fw_progress f: /sys/kernel/debug/imx500-fw:10-001a/fw_progress drwxr-xr-x root root / dr-xr-xr-x root root sys drwxr-xr-x root root kernel drwxr-x--- root sudo debug # <---------- drwxr-xr-x root root imx500-fw:10-001a -r--r--r-- root root fw_progressIn a school/university/training environment, it is common to have multiple human users for a single Raspberry Pi. In such an environment giving root access (via
sudo) to the user used by the trainees is not always wanted.Describe the solution you'd like
A solution would be to implement a dedicated command that does
cat /sys/kernel/debug/imx500-fw:10-001a/fw_progressand spawns this command instead of opening the file at IMX500.init. The command could then be runnable by member of thesudogroup. This approach is backward compatible with current behavior and allow other users to add sudo access only to that specific command instead of complete sudo access.Describe alternatives you've considered
A dedicated
debugfsgroup could be set for access to/sys/kernel/debuginstead of thesudogroup, but that give access to the entire/sys/kernel/debugdirectory. As far as I can tell, the picamera2 library only access this directory for monitoring the firmware upload progress.Additional context
If the suggested approach is validated, I will send a PR.