[LAD] ?==?utf-8?q? ?==?utf-8?q? QTractor: QThreads: Not realtime on Linux without root?

Ralf Mattes rm at mh-freiburg.de
Wed Jan 11 14:25:37 UTC 2017

Previous message: [LAD] QTractor: QThreads: Not realtime on Linux without root?
Next message: [LAD] QTractor: QThreads: Not realtime on Linux without root?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
Am Mittwoch, 11. Januar 2017 14:20 CET, Felipe Ferreri Tonello <eu at felipetonello.com> schrieb: 
 
> Hi Ralf,
> 
> On 11/01/17 12:52, Ralf Mattes wrote:
> >  
> > Am Mittwoch, 11. Januar 2017 13:21 CET, Felipe Ferreri Tonello <eu at felipetonello.com> schrieb: 
> >  
> >> Hi Ralf,
> >>
> >> On 03/01/17 21:37, Ralf Mattes wrote:
> >>>  
> >>> Am Dienstag, 03. Januar 2017 19:31 CET, Felipe Ferreri Tonello <eu at felipetonello.com> schrieb: 
> >>>  
> >>>
> >>>> If sched_setscheduler() returns -1, check if errno is set to EPERM. In
> >>>> this case the user trying to perform this operation does not have
> >>>> CAP_SYS_NICE[1] capability, which is *required*.
> >>>>
> >>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
> >>>>
> >>>> If you want this type of feature, set CAP_SYS_NICE to the group audio
> >>>> that you are referring.
> >>>
> >>> ??? How can I grant capabilities to a group? I thought capabilites where either given to
> >>> a user (via /etc/security/capability.conf) or to a binary (by means of setcap).
> >>
> >> AFAIK, pam_cap support users and groups.
> > 
> > Not according to my local manpages (pam_cap(8)  09/23/2011 and CAPABILITY.CONF(5) -- 09/23/2011).
> > Do you have any y reference for your information?
> 
> I never tested, but try out based on this reference[1] paragraph 2.2.

Yes, but that paragraph seems to be simply wrong. And the code you link to
in [3] clearly shows that.

> Apparently there are two implementations for pam_cap. One supports the
> other doesn't.

No. That's wrong. pam_cap doesn't support caps by group, your second link points
the pam_capability module. IIRC that was only ever available in OpenSuse. The git log
(single line ...) of that repository doesn't really make me want to integrate it into a seccurity
service.

Cheers, RalfD

> 
> [1]
> http://blog.sevagas.com/?Linux-security-using-a-limited-group-PAM-modules
> [2] https://github.com/ekline/pamcap/blob/master/pam_capability.c
> [3] https://github.com/pexip/os-libcap2/blob/master/pam_cap/pam_cap.c
> 
> Good luck.
> 
> -- 
> Felipe

Previous message: [LAD] QTractor: QThreads: Not realtime on Linux without root?
Next message: [LAD] QTractor: QThreads: Not realtime on Linux without root?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Linux-audio-dev mailing list