[linux-audio-dev] Re: linux-audio-dev Digest, Vol 2, Issue 24

I've been thinking about ways to use this feature to improve and simplify the current security situation for Linux audio. No conclusions, but here are some thoughts for discussion: (1) There should a simple way for the sysadmin to reliably disallow realtime privileges. One way to allow (or prevent) access to realtime privileges for any program is via a sysctl global variable. Of course, loading the kernel extension is a privileged operation, anyway. But, I prefer some positive means of blocking it. (2) Using sysctl, set a group id (like `audio') for which realtime privileges are automatically granted. Then, we could just install realtime apps with `setgid audio'. This seems much better than opening things up to *any* application. And, audio applications would not need root privileges any more. This would be a rather big improvement over the current jackstart/jackd situation. (3) We could also define a default realtime group (gid 0 maybe), since `audio' probably does not exist on many distributions. IIUC, this is originally a Debian idea. I don't know how widely it has been adopted. I like it and think it should become a universal Linux convention, allowing access to the sound card as well as realtime privileges.