[linux-audio-dev] Linux Security Module for realtime audio

Jack O'Quin joq at io.com
Tue Dec 9 04:38:59 UTC 2003


Fernando Pablo Lopez-Lezcano <nando at ccrma.stanford.edu> writes:

> Thanks for the clarification, I was getting confused... so the GTK
> problem only happens if you try to tag executables only for realtime
> access. 

Right.  GTK complains if its executable uses either setuid or setgid.

This is regrettable, because setgid is more secure than assigning a
set of users to the group.  With setgid it is possible to restrict
realtime privileges to a known set of programs.  Otherwise, any
program the privileged users execute can hang the system.

> I'm not yet testing 2.6.0 (well, I just booted it once a couple of
> days ago). Is there anything being done for 2.4.x?

I'm just fooling around with this stuff in my spare time right now.

I made a 2.4.23-rc5 kernel patch to implement the /proc/sys/kernel
interfaces we discussed.  But, then I decided to check out 2.6 to see
what can be done with the new LSM framework.  That seems like the more
important question.  We already have 2.4 solutions via the
capabilities patch.  

I expect a lot of audio users will migrate to 2.6 once it's released
(pretty soon).  Of course, your decisions and AGNULA's will have a big
effect on that.

> >   # modprobe realtime                   # `jackstart' capabilities only
> 
> Meaning?

This enables capabilities processing, equivalent to the 2.4 kernel
capabilities patch.  A program with appropriate privileges (including
CAP_SETPCAP) can assign realtime privileges to other processes.  So,
your `jackstart' program works without requiring a kernel patch.

> Sounds good to me. Is it possible to control the options through /proc
> as well? Or just at load time?

Not right now.  I haven't discovered a way to add an entry to /proc
without patching the kernel, and I don't want to do that.  There is a
new `sysfs' in 2.6 that seems to allow similar kinds of dynamic
control.  I haven't figured out how to use that yet.

The load time access is not so bad.  You can rmmod and then reload the
LSM if you want to change its parameters.  I've been doing that a lot
for testing.  This has no effect on processes that are already
running.
-- 
  joq
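
Added example, not part of the original message and not code from the realtime LSM or jackstart: a small C auditor that decodes the CapEff line of /proc/<pid>/status to show whether a process holds CAP_SETPCAP (named above) or can use realtime scheduling and memory locking. Treating CAP_SYS_NICE and CAP_IPC_LOCK as the "realtime privileges" is an assumption of this example, and the function names, RT_* flags and sample status text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Bit numbers from <linux/capability.h>; the RT_* flags are this example's own. */
enum { CAP_SETPCAP = 8, CAP_IPC_LOCK = 14, CAP_SYS_NICE = 23 };
enum { RT_SCHED = 1, RT_MLOCK = 2, RT_GRANTOR = 4 };

/* Constructed sample of /proc/<pid>/status, not captured from a real system. */
static const char SAMPLE_STATUS[] =
    "Name:\tjackd\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000804000\nCapEff:\t0000000000804000\n";

/* Return RT_* flags decoded from the CapEff line, or -1 if there is none. */
int rt_flags_from_status(const char *status)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            unsigned long long eff = strtoull(p + 7, NULL, 16);
            int flags = 0;
            if ((eff >> CAP_SYS_NICE) & 1) flags |= RT_SCHED;   /* SCHED_FIFO/RR */
            if ((eff >> CAP_IPC_LOCK) & 1) flags |= RT_MLOCK;   /* mlockall() */
            if ((eff >> CAP_SETPCAP) & 1)  flags |= RT_GRANTOR; /* can pass caps on */
            return flags;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* Same check for a live process; -1 if its status file cannot be read. */
int rt_flags_for_pid(const char *pid)
{
    char path[64], buf[8192];
    snprintf(path, sizeof path, "/proc/%s/status", pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return rt_flags_from_status(buf);
}

int main(int argc, char **argv)
{
    int fl = argc > 1 ? rt_flags_for_pid(argv[1]) : rt_flags_from_status(SAMPLE_STATUS);
    if (fl < 0) return 1;
    printf("rt-sched=%d mlock=%d can-grant=%d\n", !!(fl & RT_SCHED), !!(fl & RT_MLOCK), !!(fl & RT_GRANTOR));
    return 0;
}
```

Run with a PID as the only argument to inspect a live process, or with no argument to decode the constructed sample.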


