[linux-audio-dev] Linux Security Module for realtime audio

[Jens M Andreasen]

On Sun, 2003-12-07 at 01:35, Jack O'Quin wrote:
> I've been experimenting with Torben's LSM for the 2.6 kernel, and the
> realtime group permissions mechanism we discussed.
> 
> Naturally, there are some problems.  The worst is that GTK-2 will not
> tolerate the use of setgid...
> 
>   (process:11284): Gtk-WARNING **: This process is currently running setuid or setgid.
>   This is not a supported use of GTK+. You must create a helper
>   program instead. For further details, see:
> 
>     http://www.gtk.org/setuid.html
> 
>   Refusing to initialize GTK+.

In order to get the graphic interface snappy and responsive, I start the
following pthread:

void * interface(void* t_arg)
{

  struct sched_param schp; 

  /** We need realtime performance
   *
   */
  memset(&schp, 0, sizeof(schp));
  schp.sched_priority = sched_get_priority_max(SCHED_RR)/20;
  printf("InterfacePriority level: %d\n",schp.sched_priority);
  
  if (sched_setscheduler(0, SCHED_RR, &schp) != 0) 
    {
      perror("sched_setscheduler");
    }
  else 
    setreuid(getuid(), getuid());	

  // This is the call that starts GTK
  main_interface(_argc,_argv);

  // When we get here, tell everybody else to go home
  running = FALSE;
  return NULL;
}


mvh // Jens M Andreasen

> This seems to totally invalidate the setgid approach we had discussed,
> at least for audio applications using GTK.  QT does not seem to
> complain about setgid, though most of the reasons for avoiding it with
> GTK surely apply there as well.
-<snip>-