[linux-audio-dev] Re: [Jackit-devel] Re: POSIX caps/realtime/root processes

Fernando Pablo Lopez-Lezcano nando at ccrma.Stanford.EDU
Mon Nov 17 04:43:26 UTC 2003


> Paul Davis:
> > >Since mainstream capabilities support seems always to be somewhere
> > >over the horizon, I am interested in the patch Paul and Steve
> > >mentioned.  IIUC, it defines a control file in /proc which, if
> > >enabled, allows any process access to scheduling and memory locking
> > >privileges.  No other capabilities are provided.  I would love to see
> > >a copy of this patch to study exactly what it does.
> >
> > its a very simple patch, IIRC. it just short-circuits the checks on
> > uid==0 and/or capabilities when assigning SCHED_FIFO and/or locking
> > memory.
> >
> > i'm looking for it in my archives. i'm a bit worried i may have
> 
> I couldn't wait til you found it, so I wrote one from scratch instead. :)
> The url below point to a hackish patch againt 2.4.23-rc1, and yes, it is
> very simple. Works by setting /proc/sys/kernel/setschedandmlock to 1.
> http://www.notam02.no/arkiv/src/schedmlockpatch-2.4.23-rc1

Hey! Good! I'm very tempted to add it to the Planet CCRMA kernels right
away :-)

Has it seen much testing? Not that something so simple would require a
lot of testing, of course. I'm trying to think of potential problems
(over the use of capabilities) and can't think of anything. The only
that would occur to me is that access to SCHED_FIFO would be more
universal whereas with capabilities, programs like givertcap or
jackstart are required. 

-- Fernando





More information about the Linux-audio-dev mailing list