[linux-audio-dev] Re: [Jackit-devel] Re: POSIX caps/realtime/root processes
On Mon, 16 Nov 2003, Fernando Pablo Lopez-Lezcano wrote:

> > I couldn't wait til you found it, so I wrote one from scratch instead. :)
> > The url below points to a hackish patch against 2.4.23-rc1, and yes, it is
> > very simple. Works by setting /proc/sys/kernel/setschedandmlock to 1.
> > http://www.notam02.no/arkiv/src/schedmlockpatch-2.4.23-rc1
>
> Hey! Good! I'm very tempted to add it to the Planet CCRMA kernels right
> away :-)
>
> Has it seen much testing? Not that something so simple would require a
> lot of testing, of course. I'm trying to think of potential problems
> (over the use of capabilities) and can't think of anything. The only
> thing that would occur to me is that access to SCHED_FIFO would be more
> universal whereas with capabilities, programs like givertcap or
> jackstart are required.

It's not been much tested. :) But I have run it for a day now, and haven't noticed any problems. It's very very simple, shouldn't cause any trouble (except for the security) I guess.

There is one thing though, the 60 in the "KERN_GAKK=60," addition to sysctl.h might be the same as other enums applied in later patches. Perhaps change it to something like . I don't know what the KERN_ enums are for though... Or perhaps it can just be removed.

--
[linux-audio-dev] Re: [Jackit-devel] Re: POSIX caps/realtime/root processes
> Paul Davis:
> > >Since mainstream capabilities support seems always to be somewhere
> > >over the horizon, I am interested in the patch Paul and Steve
> > >mentioned. IIUC, it defines a control file in /proc which, if
> > >enabled, allows any process access to scheduling and memory locking
> > >privileges. No other capabilities are provided. I would love to see
> > >a copy of this patch to study exactly what it does.
> >
> > it's a very simple patch, IIRC. it just short-circuits the checks on
> > uid==0 and/or capabilities when assigning SCHED_FIFO and/or locking
> > memory.
> >
> > i'm looking for it in my archives. i'm a bit worried i may have
>
> I couldn't wait til you found it, so I wrote one from scratch instead. :)
> The url below points to a hackish patch against 2.4.23-rc1, and yes, it is
> very simple. Works by setting /proc/sys/kernel/setschedandmlock to 1.
> http://www.notam02.no/arkiv/src/schedmlockpatch-2.4.23-rc1

Hey! Good! I'm very tempted to add it to the Planet CCRMA kernels right away :-)

Has it seen much testing? Not that something so simple would require a lot of testing, of course. I'm trying to think of potential problems (over the use of capabilities) and can't think of anything. The only thing that would occur to me is that access to SCHED_FIFO would be more universal whereas with capabilities, programs like givertcap or jackstart are required.

--
Fernando
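
Added example, not part of the thread or of the patch it links to: a small C probe that can be run as a non-root user to see whether the kernel in fact grants SCHED_FIFO and memory locking without root or capabilities, which is the exposure discussed above. The function and flag names are this example's own; each attempt runs in a forked child so the probing process keeps nothing it was granted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bit flags (names are this example's own): privilege granted to a non-root caller. */
enum { NONE = 0, RT_GRANTED = 1, MLOCK_GRANTED = 2 };
static int try_sched_fifo(void) {
    struct sched_param sp = { .sched_priority = sched_get_priority_min(SCHED_FIFO) };
    return sched_setscheduler(0, SCHED_FIFO, &sp);
}

static int try_mlock(void) {
    static char page[4096];
    return mlock(page, sizeof page);
}

/* Run one attempt in a forked child so the caller never keeps what was granted.
 * Returns 0 if allowed, the child's errno if refused, -1 if the probe could not run. */
static int probe(int (*attempt)(void)) {
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(attempt() == 0 ? 0 : (errno & 0xff));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int probe_sched_fifo(void) { return probe(try_sched_fifo); }
int probe_mlock(void) { return probe(try_mlock); }

/* Root is expected to hold both privileges; only grants to other uids are reported. */
int classify(uid_t euid, int sched_err, int mlock_err) {
    int grants = NONE;
    if (euid != 0 && sched_err == 0) grants |= RT_GRANTED;
    if (euid != 0 && mlock_err == 0) grants |= MLOCK_GRANTED;
    return grants;
}

int main(void) {
    int s = probe_sched_fifo(), m = probe_mlock();
    int grants = classify(geteuid(), s, m);
    printf("euid=%d sched_fifo_errno=%d mlock_errno=%d grants=%d\n", (int)geteuid(), s, m, grants);
    return grants;
}
```

Run it as the unprivileged account being audited. On kernels that also support RLIMIT_RTPRIO and RLIMIT_MEMLOCK, a grant can come from those limits rather than from a sysctl like the one in this thread.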