On Fri, 2003-01-31 at 03:42, [EMAIL PROTECTED] wrote: > Merging preempt with current cooker is not really a problem. With the new > XFS it is likely that it will work fine. The lock-breaking is a different > issue (hasn't been updated since 2.4.18, and there are a few problems with > that patch), perhaps I take a look at the real low-latency stuff, but no > idea how well that merges with mdk kernel.
Cool. I think gentoo is the only distro shipping a low latency kernel as the default. Also I've been trying to figure out how to get jack to work with FIFO. Apparently it requires a patched kernel?!? I'm no expert on this kind of low-level stuff. Danny, do you understand the implications of this message I got on the linux-audio list? I wish we could get jack to work as it is intended to...i.e. users (not root) get audio-on-demand... [SNIP] > > jackstart - requires the kernel be patched for 'capabilities', whatever that > > is. > > I don't seem to have that command. It is included in the jack tarball (but I would use current CVS). > I do have jackd though. If I try to run jackd -R I get permission > errors. I assume that is the problem? Yep. > Is it not possible to run jackd as root, but run your application as a > user? As Mark pointed out in a separate email, it is not possible. The "capabilities" patch is a 2 line kernel patch that starts init with a full set of capabilities (including CAP_SETPCAP, the ability to set capabilities on other processes). Capabilities are permissions to use certain calls or features of the kernel normally restricted to root only. For example, one of those "capabilities" is the ability of a process to change its own scheduler to SCHED_FIFO(*), or change other processes scheduler to SCHED_FIFO, something we need for reliable low latency sound i/o. An application of this is the jackstart program. Jackstart(**) is a small program that has to run suid root that grants jackd the capabilities that it needs to both go SCHED_FIFO itself and grant its clients the capabilities to go SCHED_FIFO (and a couple of other needed capabilities as well). Why is this patch not widely included in production kernels? There's a catch :-) The catch is that it becomes possible for a user level program to access the SCHED_FIFO scheduler ring (_necessary_ for reliable low latency sound). Which means a user program can lock the machine (by entering into an infinite loop while executing with SCHED_FIFO) and create a DOS vulnerability. Obviously the alternatives are even worse (unreliable low latency operation, or running everything as root) -- Fernando See also: http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt (*) see man sched_setscheduler for what this all means (**) I wrote jackstart, it is based on code and concepts found in sucap.c, written by Finn Arne Gangstad <[EMAIL PROTECTED]> and givertcap.c, written by Tommi Ilmonen, [EMAIL PROTECTED] Givertcap is also included in the standard distribution of muse. [SNIP] Austin -- Austin Acton Hon.B.Sc. Synthetic Organic Chemist, Teaching Assistant Department of Chemistry, York University, Toronto MandrakeClub Volunteer (www.mandrakeclub.com) homepage: www.groundstate.ca
