[linux-audio-dev] Re: POSIX caps/realtime/root processes

[Fernando Pablo Lopez-Lezcano]

> The Linux Security Module (LSM) interface is a standard part of 2.6.
> There actually is a backport of the security modules patch to 2.4 on
> the NSA site for SELinux.  But, it is quite large and I doubt many
> people would want to apply it for running realtime audio.

It depends on whether it interacts with other patches... But yes, I
would prefer not to have to add YAP (yet another patch? :-)

> Your small patch is probably safer and more secure.
> So, my feeling is that the best approach is...
> 
>   (1) LSM for 2.6.  
>
>   (2) An interface-compatible variant of your patch for 2.4.  

I agree, looks good to me. 

> I intend to continue experimenting along these lines until I prove to
> myself that all this really works and is useful.  So, far it looks
> encouraging.

Indeed... thanks for working on this! A LOT!
-- Fernando