With the recent adoption of the realtime rlimits patch into the mainline kernel, people have needed a way of utilising this for their music software. There is apparently a PAM module out there which can be used if one's system uses PAM, but for people on Slackware (which doesn't use PAM) - and perhaps other distributions as well - this is not an available option.
set_rtlimits is a small program I hacked up over the weekend to allow controlled non-priviledged access to realtime scheduling through the new RTPRIO resource limit. set_rtlimits needs to be setuid root but it only runs at elevated priviledges when setting the resource limits. Furthermore, the users who are permitted to use set_rtlimits are controlled through a hardcoded central configuration file (/etc/set_rtlimits.conf), as are the programs those users can run via set_rtlimits and the maximum realtime and nice priorities the users can request for each program. Programs must be specified using absolute paths, so a malicious user can't just run their own ardour binary, for example. There is no homepage for this yet; simply grab the source from http://www.physics.adelaide.edu.au/~jwoithe/set_rtlimits-1.0.0.tgz Documentation is by way of the included README and manpage. Note that this is not polished software. It's not autoconf-ised, although hopefully it won't require too much tweaking to compile on a variety of systems. It probably isn't written in a very portable way, and although it poses no security issues to the best of my knowledge (beyond the usual issues with setuid root programs and realtime priorities) it has not been extensively audited. Having said that it gets the job done for me and might be useful for others. My time is limited at present which is why the rough edges remain. Development was done under Slackware 10.0 running kernel 2.6.12-rc5. Using this program I have successfully run Ardour 0.9beta29 and muse 0.7.2pre1 with Jack 0.99.73 under 2.6.12-rc5 for short periods. Bug reports, improvements, suggestions and patches are welcome; send to the email address included in the tarball documentation. Regards jonathan
