On 31 Jan 2003, Austin Acton wrote: > > As Mark pointed out in a separate email, it is not possible. I'd like to see that mail.
> > The "capabilities" patch is a 2 line kernel patch that starts init with > a full set of capabilities (including CAP_SETPCAP, the ability to set > capabilities on other processes). Capabilities are permissions to use > certain calls or features of the kernel normally restricted to root > only. For example, one of those "capabilities" is the ability of a > process to change its own scheduler to SCHED_FIFO(*), or change other What I think is the problem is that they want jackd to be able to reschedule any program at some moment in time. For this, they would continuously need the ability to mess with the scheduler. I would consider this a very non-secure thing, not much better than having it run all the time as root. Though I wonder why that is not possible. Anyway, it seems that this is only possible by sacrificing security: do we want that in the low_lat kernel or not? > Obviously the alternatives are even worse (unreliable low latency > operation, or running everything as root) Funny to see how these audio people thing low latencies are worse that a security problem. d.
