[linux-audio-dev] Linux Security Module for realtime audio

torbenh at gmx.de torbenh at gmx.de
Tue Dec 2 07:54:58 UTC 2003


On Sun, Nov 30, 2003 at 10:10:45PM -0600, Jack O'Quin wrote:
> torbenh at gmx.de wrote:
> 
> > attached is what i have done today.... works, but needs to
> > be checked by someone who can judge about the side effects.
> > 
> > i am not so sure about them.
> 
> Encouraged by your success, I plan to modify this LSM to implement the
> `kernel/realtime' and `kernel/realtime-group' interfaces we discussed
> recently.  I'll keep you posted on how that progresses.

the most simple way would be parameters given to the module for the
realtime group and user. There are nice macros for module parameters.

i believe that adding to the currently overridden function

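if( bprm->e_gid == realtime_gid ) {
  /* CAP_* constants are bit numbers; CAP_TO_MASK() turns each into a mask */
  bprm->cap_effective = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE)
                      | CAP_TO_MASK(CAP_SYS_RESOURCE);
  bprm->cap_permitted = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE)
                      | CAP_TO_MASK(CAP_SYS_RESOURCE);
}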

should work fine.

although i am not happy with CAP_SYS_RESOURCE ( needed for RTC interrupts > 64Hz )
which also allows a process to override quota limits.

But because in drivers/char/rtc.c the check is
if ( capable( CAP_SYS_RESOURCE ) ) { allow higher freq }

it seems like it's not possible with the current implementation.
but we could however provide a jackrtc module which checks for a
new CAP_RTC_INTS. 

-- 
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language
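
Added example, not part of the original post and not code from the LSM itself: a userspace model of the capability set granted to the realtime group. The capability numbers are those in linux/capability.h, which are bit positions rather than masks; the helper names and the gid value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Capability numbers as defined in <linux/capability.h> (bit positions). */
#define CAP_DAC_OVERRIDE  1
#define CAP_IPC_LOCK      14
#define CAP_SYS_NICE      23
#define CAP_SYS_RESOURCE  24
#define CAP_TO_MASK(x)    (UINT32_C(1) << (x))

typedef uint32_t cap_set_t;   /* 32-bit stand-in for a kernel capability set */

/* Set intended for members of the realtime group: exactly three bits. */
static cap_set_t realtime_caps(void)
{
    return CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) |
           CAP_TO_MASK(CAP_SYS_RESOURCE);
}

/* What OR-ing the raw capability numbers yields instead: 14|23|24 == 31. */
static cap_set_t raw_or_caps(void)
{
    return CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESOURCE;
}

/* Model of the exec-time decision: only the realtime group gets the set. */
static cap_set_t caps_for_exec(unsigned egid, unsigned realtime_gid)
{
    return egid == realtime_gid ? realtime_caps() : 0;
}

static int has_cap(cap_set_t set, int cap)
{
    return (set & CAP_TO_MASK(cap)) != 0;
}

int main(void)
{
    const unsigned realtime_gid = 1001;   /* constructed sample value */
    cap_set_t good = caps_for_exec(1001, realtime_gid);
    cap_set_t bad = raw_or_caps();

    printf("masked 0x%08x: sys_nice=%d ipc_lock=%d dac_override=%d\n",
           (unsigned)good, has_cap(good, CAP_SYS_NICE),
           has_cap(good, CAP_IPC_LOCK), has_cap(good, CAP_DAC_OVERRIDE));
    printf("raw OR 0x%08x: sys_nice=%d ipc_lock=%d dac_override=%d\n",
           (unsigned)bad, has_cap(bad, CAP_SYS_NICE),
           has_cap(bad, CAP_IPC_LOCK), has_cap(bad, CAP_DAC_OVERRIDE));
    return 0;
}
```

The raw OR sets bits 0 to 4, which include CAP_DAC_OVERRIDE and none of the three realtime capabilities, so a review of such a hook should check that every constant passes through CAP_TO_MASK().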


