On Sat, Sep 06, 2003 at 01:54:47PM +0159, Han Boetes wrote:
device ) , what do you tink to segid "video" tvtime like cdrecord ?
like this : root.video rws r-s r-x ?
That's too much. You don't give an app root permissions when it needs
real time priority, you give it real time priority. IE make a wrapper.
you mean a wrapper that gives the app CAP_SYS_NICE, or one that sets
realtime and execs tvtime.
might as well have tvtime doing
nice();
setresgid();
setresuid();
at the very beginning, if it doesn't already.
in the first case we might consider using capsel, a kernel module that
sets capabilities on processes based on a configuration file thus
avoiding the need to write a wrapper for many apps.
regards,
L.
--
Luca Berra -- [EMAIL PROTECTED]
Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
X AGAINST HTML MAIL
/ \
