Hi, this might be old news already, but just in case...: http://lwn.net/Articles/84566/ --cut-- The 2.6.6-mm1 tree includes, among many other things, patches which add two new /proc/sys variables. They are: /proc/sys/vm/hugetlb_shm_group If this value is non-zero, it is interpreted as a group ID which gives access to the the "huge pages" feature of the 2.6 VM. /proc/sys/vm/mlock_group This variable behaves similarly, but it controls access to the mlock() system call (which locks memory into physical RAM) instead. --cut-- And continues with comments from Andrew: --cut-- The problem, it seems, is that there are no better solutions on the horizon. Says Andrew Morton: ""Capabilities are broken and don't work. Nobody has a clue how to provide the required services with SELinux and nobody has any code and we need the feature *now* before vendors go shipping even more ghastly stuff. "" --cut-- This suggests that there is a good chance that realtime-lsm could be accepted to the mainline kernel tree, if submitted! -- http://www.eca.cx Audio software for Linux!