[LAD] QTractor: QThreads: Not realtime on Linux without root?

[Felipe Ferreri Tonello]

Hi Ralf,

On 11/01/17 12:52, Ralf Mattes wrote:
>  
> Am Mittwoch, 11. Januar 2017 13:21 CET, Felipe Ferreri Tonello <eu at felipetonello.com> schrieb: 
>  
>> Hi Ralf,
>>
>> On 03/01/17 21:37, Ralf Mattes wrote:
>>>  
>>> Am Dienstag, 03. Januar 2017 19:31 CET, Felipe Ferreri Tonello <eu at felipetonello.com> schrieb: 
>>>  
>>>
>>>> If sched_setscheduler() returns -1, check if errno is set to EPERM. In
>>>> this case the user trying to perform this operation does not have
>>>> CAP_SYS_NICE[1] capability, which is *required*.
>>>>
>>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>>>
>>>> If you want this type of feature, set CAP_SYS_NICE to the group audio
>>>> that you are referring.
>>>
>>> ??? How can I grant capabilities to a group? I thought capabilites where either given to
>>> a user (via /etc/security/capability.conf) or to a binary (by means of setcap).
>>
>> AFAIK, pam_cap support users and groups.
> 
> Not according to my local manpages (pam_cap(8)  09/23/2011 and CAPABILITY.CONF(5) -- 09/23/2011).
> Do you have any y reference for your information?

I never tested, but try out based on this reference[1] paragraph 2.2.

Apparently there are two implementations for pam_cap. One supports the
other doesn't.

[1]
http://blog.sevagas.com/?Linux-security-using-a-limited-group-PAM-modules
[2] https://github.com/ekline/pamcap/blob/master/pam_capability.c
[3] https://github.com/pexip/os-libcap2/blob/master/pam_cap/pam_cap.c

Good luck.

-- 
Felipe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x92698E6A.asc
Type: application/pgp-keys
Size: 7177 bytes
Desc: not available
URL: <http://lists.linuxaudio.org/pipermail/linux-audio-dev/attachments/20170111/880dc218/attachment.key>