* Ingo Molnar ([EMAIL PROTECTED]) wrote: > i believe RT-LSM provides a way to solve this cleanly: you can make your > audio app setguid-audio (note: NOT setuid), and make the audio group > have CAP_SYS_NICE-equivalent privilege via the RT-LSM, and then you > could have a finegrained per-app way of enabling SCHED_FIFO scheduling, > without giving _users_ the blanket permission to SCHED_FIFO. Ok? > > this way if jackd (or a client) gets run by _any_ user, all jackd > processes will be part of the audio group and can do SCHED_FIFO - but > users are not automatically trusted with SCHED_FIFO. > > you are currently using RT-LSM to enable a user to do SCHED_FIFO, right? > I think the above mechanism is more secure and more finegrained than > that.
No, rt-lsm is actually gid based. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
