* Paul Davis <[EMAIL PROTECTED]> wrote:
> Just a reminder: setuid root is precisely what we are attempting to
> avoid.
>
> >If you have the source code for the programs then they could be modified
> >to drop the root euid after they've changed policy. Or even do the
>
> This is insufficient, since they need to be able to drop RT scheduling
> and then reacquire it again later.
i believe RT-LSM provides a way to solve this cleanly: you can make your
audio app setguid-audio (note: NOT setuid), and make the audio group
have CAP_SYS_NICE-equivalent privilege via the RT-LSM, and then you
could have a finegrained per-app way of enabling SCHED_FIFO scheduling,
without giving _users_ the blanket permission to SCHED_FIFO. Ok?
this way if jackd (or a client) gets run by _any_ user, all jackd
processes will be part of the audio group and can do SCHED_FIFO - but
users are not automatically trusted with SCHED_FIFO.
you are currently using RT-LSM to enable a user to do SCHED_FIFO, right?
I think the above mechanism is more secure and more finegrained than
that.
Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
