I apologizer if this has been discussed, but I haven't read the whole thread. Has the idea of a simple sched_rr helper been discussed?
It can be setuid and only executable by a specific group.
rtsched my_rt_app
setscheduler
drop privs
exec
I guess that doesn't help mlockall(), though. Hrrm.
