[linux-audio-dev] Linux Security Module for realtime audio

[Jack O'Quin]

torbenh at gmx.de wrote:

> attached is what i have done today.... works, but needs to
> be checked by someone who can judge about the sideeffects.
> 
> i am not so sure about them.

I can't comment on the overall security of your module, Torben.

But, I did finally find time to try it out, and it works great.

Yesterday, I downloaded linux-2.6.0-test11 from kernel.org, configured
it to use ALSA, preemptive scheduling, and LSM with capabilites.  I
built that and installed it.  Everything comes up and runs fine.
Then, I built the jackcap LSM you posted here.  It compiled and
installed in `/lib/modules/2.6.0-test11/extra/jackcapabilities.ko'.
After running `modprobe jackcapabilities', `jackstart -R' was working.

I am very pleased by how cleanly this all worked.  Using the 2.6
preemptive scheduler I can run JACK at -r44100 -p64 (a 1.5msec period)
with only occasional xruns.  I've seen eight in the last hour.  That's
under light load.  Not good enough for pro audio, but fine for most
consumer use, I suspect.  And this was using a standard kernel right
out of the box.  The rest of my system and its hardware are fairly
well tuned, of course.  Newbies probably won't do as well.

Encouraged by your success, I plan to modify this LSM to implement the
`kernel/realtime' and `kernel/realtime-group' interfaces we discussed
recently.  I'll keep you posted on how that progresses.
-- 
  joq