On 2003.11.17 05:15 Jack O'Quin wrote:
> That's right. Separating the `realtime' from the `audio' seems
> logical to me. Not all audio is realtime, and not all realtime is
> necessarily audio. Video or other applications could also benefit
> from this mechanism. Maybe we should just invent a group named
> `realtime'.
>
> Note that the group name issue is separate from the underlying kernel
> mechanism. In Debian, group `audio' has gid 29. One should not
> hard-code that in the kernel. I would envision a user-level admin process
> that accesses the appropriate group name and writes its numeric gid
> value with sysctl. The kernel security module would use whatever gid
> value it is given.

The mechanism you're looking for may be a PAM module. It has all the
information (uid, gids, tty), is trusted, runs at login time, is in
userspace and runs as root.
Melanie
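
The user-level step described in the quoted message (look up the group by name, hand only the numeric gid to the kernel side), as an added example that is not code from the thread. The sysctl entry's path is not given in the thread, so the target is passed in as an argument (assumption), and the group file and target used in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Resolve a group name to its numeric
# gid in user space and pass only that number to the kernel side.

# lookup_gid NAME GROUP_FILE: print NAME's gid; fail if absent or non-numeric.
# (Reads a group(5)-format file; on a live system `getent group NAME` also
# covers NSS sources.)
lookup_gid() {
    while IFS=: read -r g_name _pw g_gid _members; do
        [ "$g_name" = "$1" ] || continue
        case $g_gid in
            ''|*[!0-9]*) return 1 ;;
        esac
        printf '%s\n' "$g_gid"
        return 0
    done < "$2"
    return 1
}

# set_group_gid NAME GROUP_FILE TARGET: write NAME's gid to TARGET.
# TARGET stands in for the module's sysctl entry; its real path is not given
# in the thread, so callers pass it in (assumption).
set_group_gid() {
    gid=$(lookup_gid "$1" "$2") || {
        echo "group '$1' not found or malformed in $2" >&2
        return 1
    }
    # Only write to an existing entry: if the module is not loaded, fail
    # instead of creating a stray file.
    [ -w "$3" ] || { echo "cannot write $3" >&2; return 1; }
    printf '%s\n' "$gid" > "$3"
}

# Demo on constructed data: sample group file plus a temp file as the target.
demo=$(mktemp -d)
printf 'root:x:0:\naudio:x:29:alice\nrealtime:x:1001:alice,bob\n' > "$demo/group"
: > "$demo/gid_target"
set_group_gid realtime "$demo/group" "$demo/gid_target" && cat "$demo/gid_target"
set_group_gid video "$demo/group" "$demo/gid_target" ||
    echo "target unchanged: $(cat "$demo/gid_target")"
rm -rf "$demo"
```

A failed lookup leaves the previously written gid in place, so a typo in the group name cannot silently change which group the kernel side trusts.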