> > > So, I modified Torben's LSM to check supplementary groups, and this
> > > seems to work fine. From a system admin perspective it's pretty good.
> > > I'm a member of group `audio', which was accomplished by adding my
> > > user ID (joq) to the appropriate entry in /etc/group...
> > >
> > > [...]
> >
> > well this is an alternative but i would be happier to explicitly give
> > away the DOS privilege to programs. rather than enabling it for my
> > account.
>
> I completely agree that my supplementary groups idea is less secure
> than the setgid approach.

The "sgid approach" is in addition to having a realtime group or
instead? I have the feeling I have missed something in the thread.

I would prefer to have the option of:

a) no protection: I turn on "realtime" (/proc control and/or loading
   the realtime module, right?) and any user can run any program and
   crash the system by hogging the cpu in a tight loop :-)

b) a group of users: only users in a designated group can crash the
   system.

c) a group of programs: only writers of realtime "approved" programs
   get a chance (through the help of any user or users in a group) to
   crash the system.

Most probably in my environment I would use a), maybe b), most probably
not c).

-- Fernando
