On Sun, Nov 30, 2003 at 10:10:45PM -0600, Jack O'Quin wrote:
torbenh(a)gmx.de wrote:
attached is what i have done today.... works, but
needs to
be checked by someone who can judge about the sideeffects.
i am not so sure about them.
Encouraged by your success, I plan to modify this LSM to implement the
`kernel/realtime' and `kernel/realtime-group' interfaces we discussed
recently. I'll keep you posted on how that progresses.
the most simple way would be parameters given to the module for the
realtime group and user. There are nice macros for module parameters.
i believe that adding to the currently overridden function
if( bprm->e_gid == realtime_gid ) {
bprm->cap_effective = CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESORCE
bprm->cap_permitted = CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESORCE
}
should work fine.
although i am not happy with CAP_SYS_RESOURCE ( needed for RTC interrupts > 64Hz )
which also allows a process to Override quota limits.
But because in drivers/char/rtc.c the check is
if ( capable( CAP_SYS_RESOURCE ) ) { allow higher freq }
it seems like its not possible with the current implementation.
but we could however provide a jackrtc module which checks for a
new CAP_RTC_INTS.
--
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language