* Paul Davis <[EMAIL PROTECTED]> wrote: > Just a reminder: setuid root is precisely what we are attempting to > avoid. > > >If you have the source code for the programs then they could be modified > >to drop the root euid after they've changed policy. Or even do the > > This is insufficient, since they need to be able to drop RT scheduling > and then reacquire it again later.
i believe RT-LSM provides a way to solve this cleanly: you can make your audio app setguid-audio (note: NOT setuid), and make the audio group have CAP_SYS_NICE-equivalent privilege via the RT-LSM, and then you could have a finegrained per-app way of enabling SCHED_FIFO scheduling, without giving _users_ the blanket permission to SCHED_FIFO. Ok? this way if jackd (or a client) gets run by _any_ user, all jackd processes will be part of the audio group and can do SCHED_FIFO - but users are not automatically trusted with SCHED_FIFO. you are currently using RT-LSM to enable a user to do SCHED_FIFO, right? I think the above mechanism is more secure and more finegrained than that. Ingo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/