8 Dec
2003
8 Dec
'03
10:01 p.m.
The "sgid
approach" is in addition to having a realtime group or
instead? I have the feeling I have missed something in the thread.
The setgid approach *is* a match on the realtime group. The question
is which of several group IDs to you actually match against. Torben's
jackcaps-0.2 checked only the effective group ID of the exec file.
My current version checks others, too: the user's real and
supplementary groups. Note that these are set by login, newgrp,
etc. and are independent of the actual program being loaded. I'll append a copy to this message, so you can
look at it. It's not
ready to release yet. But, it seems to work for me.
I'm not yet testing 2.6.0 (well, I just booted it once a couple of days
ago). Is there anything being done for 2.4.x?
My current prototype is called `realtime', not
`jackcapabilities', and
has the following load-time options..
# modprobe realtime # `jackstart' capabilities only
Meaning?
# modprobe realtime any=1 # option a)
# modprobe realtime gid=29 # options b) and c)
I plan to to add another option, mlock=0, for people who don't feel
the need for locking storage. With this option, I would only grant
CAP_SYS_NICE.
Sounds good to me. Is it possible to control the options through /proc
as well? Or just at load time?
-- Fernando