> > The "sgid approach" is in addition to having a realtime group or > > instead? I have the feeling I have missed something in the thread. > > The setgid approach *is* a match on the realtime group. The question > is which of several group IDs to you actually match against. Torben's > jackcaps-0.2 checked only the effective group ID of the exec file. > > My current version checks others, too: the user's real and > supplementary groups. Note that these are set by login, newgrp, > etc. and are independent of the actual program being loaded.
Thanks for the clarification, I was getting confused... so the GTK problem only happens if you try to tag executables only for realtime access. > I'll append a copy to this message, so you can look at it. It's not > ready to release yet. But, it seems to work for me. I'm not yet testing 2.6.0 (well, I just booted it once a couple of days ago). Is there anything being done for 2.4.x? > My current prototype is called `realtime', not `jackcapabilities', and > has the following load-time options.. > > # modprobe realtime # `jackstart' capabilities only Meaning? > # modprobe realtime any=1 # option a) > # modprobe realtime gid=29 # options b) and c) > > I plan to to add another option, mlock=0, for people who don't feel > the need for locking storage. With this option, I would only grant > CAP_SYS_NICE. Sounds good to me. Is it possible to control the options through /proc as well? Or just at load time? -- Fernando