CPU's and boards for hobbyists?

Not necessarily.

Are there the usual insmod/lsmod/rmmod device driver/kernel loadable modules for the raspberry pi? You should not then need a fire door - just a device driver.

Nothing wrong with SysV IPC.

--
Les Cargill

That isn't what Mel is talking about, but you may have been confused by him using the word firedoor instead of firewall.

He's clearly worried that if someone managed to compromise the Internet facing part of his system, then they would own the whole system if he had combined the GPIO code (which needs privileges) with his Internet code into one process.

Instead he wants to run the Internet code as unprivileged and communicate with the privileged code using IPC. As I mentioned in my last post in this thread, I've never had to do this with an embedded board so I don't know what other tools are available to him in the versions of Linux shipped with those boards.

Whenever I build a new Internet facing server as part of my day job I use a full blown RHEL based system with SELinux running in enforcing mode and with custom profiles as required. I also lock down the Internet facing processes to the minimum required (within reason :-)).

Even with all that, I would still probably separate the privileged operations from the unprivileged operations just as he has done.

Simon.

--
Simon Clubley, clubley@remove_me.eisner.decus.org-Earth.UFP 
Microsoft: Bringing you 1980s technology to a 21st century world
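The privilege split discussed in this thread, as an added example that is not part of either post: a privileged parent validates fixed-size GPIO requests sent by an unprivileged child. It uses a Unix socketpair rather than SysV IPC, and the message layout, the pin allow-list and uid/gid 65534 are assumptions.

```c
#include <grp.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed wire format: one fixed-size request per packet. */
struct gpio_req { uint8_t op, pin, value; };
enum { OP_SET = 1 };
enum { ST_OK, ST_BAD_LEN, ST_BAD_OP, ST_BAD_PIN, ST_BAD_VALUE };

/* Hypothetical allow-list: the only pins the network side may drive. */
static const uint8_t allowed_pins[] = { 17, 27 };

/* Privileged side: every byte from the peer is untrusted input. */
int validate_req(const void *buf, size_t len)
{
    struct gpio_req r;
    if (len != sizeof r) return ST_BAD_LEN;
    memcpy(&r, buf, sizeof r);
    if (r.op != OP_SET) return ST_BAD_OP;
    if (r.value > 1) return ST_BAD_VALUE;
    for (size_t i = 0; i < sizeof allowed_pins / sizeof allowed_pins[0]; i++)
        if (allowed_pins[i] == r.pin) return ST_OK;
    return ST_BAD_PIN;
}

/* Child stands in for the Internet-facing code; the parent keeps the
 * privileges and returns its verdict on the one request it receives. */
int broker_roundtrip(const void *msg, size_t len)
{
    int sv[2];
    unsigned char buf[64];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {
        close(sv[0]);
        /* Drop root before touching the network; 65534 ("nobody") is assumed. */
        if (geteuid() == 0 &&
            (setgroups(0, NULL) || setgid(65534) || setuid(65534))) _exit(1);
        _exit(send(sv[1], msg, len, 0) == (ssize_t)len ? 0 : 1);
    }
    close(sv[1]);
    ssize_t n = recv(sv[0], buf, sizeof buf, 0);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    /* A real broker would drive the pin here, and only on ST_OK. */
    return n < 0 ? -1 : validate_req(buf, (size_t)n);
}
```

The parent never executes anything the child sends; it only accepts one operation on an allow-listed pin, so a compromised network process gains no more than that.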
