Re: [linux-audio-dev] Linux Security Module for realtime audio

8 Dec 2003

...
    So, I modified Torben's LSM to check supplementary
groups, and this
 seems to work fine.  From a system admin perspective it's pretty good.
 I'm a member of group `audio', which was accomplished by adding my
 user ID (joq) to the appropriate entry in /etc/group...

 [...]  
 well this is an alternative but i would be happier to explicitely give
 away the DOS privilege to programs. rather than enabling it for my
 account.  
 I completely agree that my supplementary groups idea is less secure
 than the setgid approach. 
The "sgid approach" is in addition to having a realtime group or
instead? I have the feeling I have missed something in the thread. 

I would prefer to have the option of:

a) no protection: I turn on "realtime" (/proc control and/or loading the
   realtime module, right?) and any user can run any program and crash
   the system by hogging the cpu in a tight loop :-)

b) a group of users: only users in a designated group can crash the
   system. 

c) a group of programs: only writers of realtime "approved" programs get
   a chance (through the help of any user or users in a group) to crash
   the system. 

Most probably in my environment I would use a), maybe b), most probably
not c). 

-- Fernando

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [linux-audio-dev] Linux Security Module for realtime audio