Jonatan Liljedahl wrote:
> Hisham Muhammad wrote:
>> On 10/9/07, Jonatan Liljedahl <[EMAIL PROTECTED]> wrote:
>>> Would it be possible to include the realtime-lsm patch
>>> (http://belnet.dl.sourceforge.net/sourceforge/realtime-lsm/rt-lsm-0.8.7-kernel.patch.gz)
>>> in the default gobolinux kernel? It makes it possible for applications
>>> to gain realtime privileges without running as root, which is important
>>> when working with audio in linux. The patch only adds 4k of code
>>> (security/realtime.c).
>> Is that safe for standard kernels? Realtime processes, usually, have
>> the power to hang the system.
> 
> I actually think it's safer than it is now:
> Processes can ask the kernel to get realtime privs; with the default
> kernel the process will only get this if it's running as root.
> But with the realtime-lsm module, a specific user group can be specified
> (when loading the module) that will be able to get realtime privs
> without running as root.
> 
> And since it's a module it's just a matter of not loading it if one
> wants only root apps to be able to gain realtime privs...
> 
> Note that realtime privs are required for some 'pro' audio apps (like
> JACK, Ardour, Traverso, etc.) to work correctly. Without the
> realtime-lsm module, users would need to run those as root (and if one
> runs JACK as root, then all audio clients must be run as root as well,
> not very safe at all...)
> 
> The patch in the URL above didn't apply correctly due to an extra line
> in security/Makefile which wasn't there in 2.6.22.7. It was easy to fix
> (patch attached) and I'm now compiling a new kernel with this patch and
> will report back later.

I have now successfully compiled and tried a new kernel with the patch.
It works great, no more drop-outs in JACK. :)

If you choose to put this in the default gobo kernel (I hope you will)
then note that the default kernel config needs to be updated like this:

CONFIG_SECURITY_CAPABILITIES=m
CONFIG_SECURITY_REALTIME=m

-- 
/Jonatan         [ http://kymatica.com ]
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
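
A small probe for the behaviour discussed in this thread, added here as an example and not part of the original message or of the realtime-lsm patch: it asks the kernel for SCHED_FIFO at the lowest realtime priority and reports whether the request was granted or refused with EPERM. The function name probe_realtime is hypothetical; run it as a non-root user inside and outside the permitted group to compare results.

```c
/* Added example: check whether the calling process may use realtime scheduling. */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if SCHED_FIFO was granted, 0 if the kernel refused with EPERM,
 * -1 on any other error. The original policy is restored before returning. */
int probe_realtime(void)
{
    struct sched_param old_param, rt_param;
    int old_policy = sched_getscheduler(0);

    if (old_policy < 0 || sched_getparam(0, &old_param) < 0)
        return -1;

    /* Ask for the lowest realtime priority only: enough to test the privilege. */
    memset(&rt_param, 0, sizeof rt_param);
    rt_param.sched_priority = sched_get_priority_min(SCHED_FIFO);
    if (rt_param.sched_priority < 0)
        return -1;

    if (sched_setscheduler(0, SCHED_FIFO, &rt_param) < 0)
        return errno == EPERM ? 0 : -1;

    /* Granted: drop back at once so this process cannot starve others. */
    if (sched_setscheduler(0, old_policy, &old_param) < 0)
        return -1;
    return 1;
}

int main(void)
{
    int r = probe_realtime();

    printf("euid=%d realtime scheduling: %s\n", (int)geteuid(),
           r == 1 ? "granted" : r == 0 ? "denied (EPERM)" : "error");
    return r < 0;
}
```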
