GNATStudio and run/debug root privileges on Linux

I built the Raw_Send GNAT.Sockets example program demonstrating simple raw socket usage in GNATStudio continuous release (20240506) on a Linux machine. I cannot run or debug it within GNATStudio because it requires root privileges to create and access the raw socket. Runs fine from the Bash shell prompt.

I tried various kludges to no avail and searched the GNATStudio user manual. The execution command line and environment seems to be highly restricted, can’t just add a “sudo” command. It would be OK if you had to execute the program outside of GNATStudio but running GDB outside of it would be disappointing.

I would like to do a lot more low level programming but it doesn’t seem doable without being able to set root privilege on the execution environment. What am I missing?

1 Like

As a work-around, I was able to launch gnatstudio as root. To me, this is dangerous but this machine is dedicated for my personal use and Ada development. Running & debugging worked as expected, although I did minimal testing. The approach is to have two gnatstudio instances running, one as root for execution/debug exclusively and the other for my regular user work for all other activity. Unsure if the root version will create files that the user version with fail on, or other similar problems. It will also be a challenge to differentiate the two sessions.

1 Like

I’m not sure if this will help as not sure if it takes only one cmd or gdb is the right one but for embedded in the gprbuild config I use the following. You can right click the project name and edit source file I think

   package Ide is
      for Debugger_Command use "/usr/bin/gdb-multiarch"
      for Program_Host use "localhost:4242";
      for Communication_Protocol use "remote";
   end Ide;

If you can run a gdbserver outside you can connect to it using program_host above with the right port

There is also a section for the build and I think debug buttons in maybe preferences builder or something from memory but not sure if it will help.

One trick that might be useful is to use setcap to add the CAP_NET_RAW capability to your binary (or GNATStudio, perhaps). That way you can open raw sockets but not give the app/GNATStudio full root privs.

sudo setcap cap_net_raw /path/to/app

2 Likes

Thanks for the ideas. Using setcap allows the binary to execute correctly, the only downside is the command has to be run after every build as the executable file is deleted/recreated. I haven’t taken the time to try the gdbserver approach but might if I get tried of running setcap commands. This approach is better than running the entire IDE as root.

FWIW: the setcap command needed thread capability sets added to the command to get it to work.

sudo setcap cap_net_raw+ep <filename>
1 Like

It might be worth posing a question at their github for it too and see if they have any suggestions. I willing to believe someone else has had the same problem.

1 Like