>i wrote a small helper library which allows applications to change >their realtime-priority without having root privilege. > >the method is similar like utempter library: the library forks and >execs the checker program which is set as setuid-root. then the >checker proves the invoking application and user (group or host) is >registered in the list, and if it's ok, changes the RT-priority of the >process. since each user and each application is tested, it's more >secure. the advantage is also that no special kernel patches are >necessary.
takashi - this isn't enough for most apps, because they need to use mlockall(2) as well. i don't think there is anyway to get the priviledge for this without either have an euid of 0 or have the relevant capabilities. --p
