[linux-audio-dev] new realtime scheduling policy

[Paul Davis]

>the problem i see with it is that, for this to be useful, (ie, help
>the people for which the capsys stuff is too much trouble), it has to
>be in the kernel that comes with their distribution. but i really
>don't see this getting into the mainline kernel...though perhaps media
>friendly distros will put it in. 

why do you see it this way?

if someone has already cracked security such that they can write to
(say) /proc/sys/kernel/rtuser, they already have the power to do more
or less anything to the machine. they can *already* run SCHED_FIFO
tasks, install trojans, shutdown the system, repartition and/or
overwrite the hard drive. adding the capacity to let non-root users
run SCHED_FIFO and call mlockall is already included in the set of
things they can do - the /proc file just makes it simpler.

in addition, if you add resource limits so that things can still be
killed, having user tasks running like this actually isn't much of a
problem - SCHED_FIFO and mlockall only represent a denial of service
attack if you can't kill them (as is the case at the moment).

--p