[linux-audio-user] Re: Fedora 6 x86_64 short report

Kjetil Svalastog Matheussen k.s.matheussen at notam02.no
Sat Jan 13 07:36:17 EST 2007


Fernando Lopez-Lezcano:
>
> On Fri, 2007-01-12 at 19:01 -0500, lanas wrote:
>> 3) Adjusted access to priorities by adding this
>> to /etc/security/limits.conf:
>>
>>   # Added for audio
>>   *               -       rtprio          99
>>   *               -       nice            -10
>>   *               -       memlock         4000000
>>
>>   BTW, I read that the above is an insecure configuration.  So, some
>> finetuning could be done with that.  There's an active Fedora
>> Firewall, as well as SELinux, so maybe this is not as critical as it
>> sounds.  I'd appreciate any input on this.
>
> It all boils down to who can use programs that run with realtime
> priorities and whether you trust them. The above conf (which I use)
> gives access to everybody - meaning anybody can potentially hang the
> machine, either through buggy software, a mistake or intentionally.
>
> You can of course restrict things a bit more by using unix groups and
> only give access to a group of users (which you presumably trust...),
> then that's more "secure". Still, allowed users can hang the machine if
> they want.
>
> You could also restrict the range of priorities users can use, add a
> watchdog program that runs at a higer priority and kills or downgrades
> the scheduler to SCHED_OTHER of processes that are hogging the cpu - but
> IMHO things get complicated too fast, and sometimes you may _want_ to
> hog the cpu :-)
>

Except for that want-to-hog-the-cpu scenario (which is very uncommon at 
least for audio usage), I would say that using either rt_watchdog or 
(especially) das_watchdog is a very good solution to the above mentioned 
problems. I don't know whats getting so complicated...




More information about the Linux-audio-user mailing list