3 Dec
2003
3 Dec
'03
6:47 a.m.
On Tue, Dec 02, 2003 at 11:03:29AM -0600, Jack O'Quin wrote:
considering the configurability of the max frequency fernando posted,
we need to investigate on mlockall now...
definitely yes...
capable can be overridden in an LSM.
but we can still use the current implementation, because capable( i )
tests if bit i is set in the effective_caps.
the highest capability number is 28.. so we have 3 caps left.
--
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language
torbenh(a)gmx.de writes:
there are functions to register inodes in proc.
but i dont consider this necessary. Why would i want to change the
realtime gid once the module is loaded ?
modprobe jackcapabilities rtgid=407
seems sufficient to me...
and this requires 2 lines of code... see attachement..
the most simple way would be parameters given to
the module for the
realtime group and user. There are nice macros for module parameters.
i believe that adding to the currently overridden function
if( bprm->e_gid == realtime_gid ) {
bprm->cap_effective = CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESORCE
bprm->cap_permitted = CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESORCE
}
should work fine.
That's pretty much what I have in mind. I'm still trying to figure
out how to pass the group id as a parameter somewhere. I wanted to
use /proc/sys/kernel/realtime-group, but that seems to require
patching the kernel. It looks like the new sysfs is intended for this
purpose. I'll investigate. although i am not happy with CAP_SYS_RESOURCE (
needed for RTC
interrupts > 64Hz ) which also allows a process to Override quota
limits.
Agreed. This is sometimes needed but not always. Maybe it should be
a separate module to use as required. But because in drivers/char/rtc.c the check is
if ( capable( CAP_SYS_RESOURCE ) ) { allow higher freq }
it seems like its not possible with the current implementation.
but we could however provide a jackrtc module which checks for a
new CAP_RTC_INTS.
Can you add a new capability without patching the kernel?