On Wed, 2006-05-24 at 19:08 +0100, Rui Nuno Capela
wrote:
Jack O'Quin wrote:
The required components are now available, and are being provided
by a few leading-edge distributions. Had you installed Ubuntu Dapper
Drake (which is not yet officially released), you would not have seen
any problem. They chose to include the PAM patches and authorize
all users to start realtime threads be default. That is a reasonable
choice for them (given their goals), but would not be appropriate for
most other distributions.
OpenSUSE 10.1, which has been officially released a couple of weeks ago,
also is PAM ready. However, it's not OOTB. You'll have to add the
relevant entries to /etc/security/limits.conf, like for example these
ones where realtime capabilities are given only to users who belong to
the "audio" group:
@audio - rtprio 90
@audio - nice -10
@audio - memlock 4000000
Ubuntu does not have these lines OOTB, you also have to add them.
No distro with a "secure by default" policy could enable this out of the
box as it allows non-root users to lock up the machine.
Dapper came up "insecure by default" for me. Knowing about this stuff,
I added something similar, restricting access to group "audio". I figured
they had done it intentionally (so things would "just work").
Maybe they consider it a bug and have "fixed" it?
--
joq