Lennart Poettering wrote:
On Mon, 22.06.09 23:19, Jörn Nettingsmeier
(nettings(a)folkwang-hochschule.de) wrote:
so what is this about? rt users want absolute
control over their
machine. anybody who can tolerate some arbitrary bits of policy thrown
at them during work is by definition not an rt user.
rt users must be trustable with root access, at least in terms of cpu
governance, which is what rtlimits achivev just fine.
What is so difficult to understand that rtkit is not intended to be a
solution for hardcore rt users?
rtkit is not for you!
Let me repeat this:
RTKIT IS NOT FOR YOU!
this is getting childish. my claim is: if you give rt to a user, you
enable him to fuck the machine up. that's a law of nature. you can do
all kinds of very clever things and try to have a very fast watchdog,
but it doesn't prevent abuse.
my point is: since the rt user is locally trusted, you can just as well
grant static rt rights using the rtlimits approach. if the user is not
to be trusted with static rt rights, s/he is not to be trusted with any
kind of rt rights, no matter how clever the daemon that grants them. so
what is the problem you are trying to solve?
this is really akin to handing out root rights and watching the
filesystem, and as soon as the user starts reading other people's mail
some script yells at him.