>> I've been thinking about ways to use this feature to improve and >> simplify the current security situation for Linux audio. No >> conclusions, but here are some thoughts for discussion: >> >> (1) There should a simple way for the sysadmin to reliably disallow [ .. ] >> (2) Using sysctl, set a group id (like `audio') for which realtime [ ... ] >> (3) We could also define a default realtime group (gid 0 maybe),
>What about this one: > >(4) Let the user that is currently physical logged in to the machine >get realtime privileges. i'd be interested to hear from fernando about this kind of thing. many of us on LAD work on what are to all effects and purposes single user machines. i'd like to hear how policies like 1-4 above, or others, appear in the context of an academic "shared resource" environment. --p ps. this is the kind of thing that can really distinguish *nix from other systems. i've heard from at least academic music department about the problems they've faced since being forced to switch to windows.