27 Feb
2004
27 Feb
'04
1:53 p.m.
Hi
Now googled around without results. The question is
what is the recommended way to run jack and jack aware applications as
a non root user. I saw something about capabilites at ccrma, but I
cannot se how it is done (I know it is in the 2.4 kernels).
I am running Gentoo with reiserfs, so I hope
it doesn't depend on using ext2/3 extended attributes...any
recommendations?
Best Regards
Hasse
27 Feb
27 Feb
2:02 p.m.
On Fri, 27 Feb 2004 18:48:29 +0100
Hasse Hagen Johansen <hhj(a)musikcheck.dk> wrote:
Hi
Now googled around without results. The question is
what is the recommended way to run jack and jack aware applications as
a non root user. I saw something about capabilites at ccrma, but I
cannot se how it is done (I know it is in the 2.4 kernels).
I am running Gentoo with reiserfs, so I hope
it doesn't depend on using ext2/3 extended attributes...any
recommendations?
http://jackit.sourceforge.net/docs/faq.php
Look at the performance question..
Flo
--
signature :)
6 Mar
6 Mar
10:52 p.m.
I'm a little behind with my email. Just read this. I find editing kernel
hearder quite a hardcore solution to not running as root. Are there any OS
X Core Audio developers on this list who know how Apple does it?
Appearently all apps that need to run in realtime regardless of the user.
-lee
On Fri, 27 Feb 2004, Florian Schmidt wrote:
On Fri, 27 Feb 2004 18:48:29 +0100
Hasse Hagen Johansen <hhj(a)musikcheck.dk> wrote:
Hi
Now googled around without results. The question is
what is the recommended way to run jack and jack aware applications as
a non root user. I saw something about capabilites at ccrma, but I
cannot se how it is done (I know it is in the 2.4 kernels).
I am running Gentoo with reiserfs, so I hope
it doesn't depend on using ext2/3 extended attributes...any
recommendations?
http://jackit.sourceforge.net/docs/faq.php
Look at the performance question..
Flo
--
signature :)
7 Mar
7 Mar
12:50 a.m.
lee(a)fallingforward.net writes:
I'm a little behind with my email. Just read this.
I find editing kernel
hearder quite a hardcore solution to not running as root. Are there any OS
X Core Audio developers on this list who know how Apple does it?
Appearently all apps that need to run in realtime regardless of the user.
OSX grants all processes realtime privileges whether they need them or
not. For a DAW, that is probably fine. For a server it's not so hot.
I suspect it leaves their system wide open to certain kinds of Denial
of Service attacks.
The realtime LSM for 2.6 kernels can do this if you want. It also
offers some more secure options, such as granting realtime privileges
to all members of some group ID (like `audio').
http://www.joq.us/realtime
--
joq
3:07 p.m.
On 6 Mar 2004, Jack O'Quin wrote:
The realtime LSM for 2.6 kernels can do this if you
want. It also
offers some more secure options, such as granting realtime privileges
to all members of some group ID (like `audio').
[...]
Btw, I just tried this for the first time, and I must say it is pretty
excellent - small, does the job and is easy to install (assuming you are
using a 2.6 kernel)!
Even better would be if we managed to get this into the kernel tree.
There seems to be a few simple LSM modules already included, so I guess
it's not impossible.
PS One feature request: some way to turn the realtime mode off. As
2.6 doesn't allow to remove modules, there's currently no way
to disable and/or change realtime mode settings.
--
http://www.eca.cx
Audio software for Linux!
4:09 p.m.
On Sun, 7 Mar 2004 21:01:13 +0200 (EET)
Kai Vehmanen <kai.vehmanen(a)wakkanet.fi> wrote:
Btw, I just tried this for the first time, and I must
say it is pretty
excellent - small, does the job and is easy to install (assuming you
are using a 2.6 kernel)!
Even better would be if we managed to get this into the kernel tree.
There seems to be a few simple LSM modules already included, so I
guess it's not impossible.
PS One feature request: some way to turn the realtime mode off. As
2.6 doesn't allow to remove modules, there's currently no way
to disable and/or change realtime mode settings.
sure it does allow removing modules. you need to enable a kernel option
to be able to do that..
Flo
--
to sign or not to sign, that is the question
8 Mar
8 Mar
12:02 a.m.
Florian Schmidt <mista.tapas(a)gmx.net> writes:
On Sun, 7 Mar 2004 21:01:13 +0200 (EET)
Kai Vehmanen <kai.vehmanen(a)wakkanet.fi> wrote:
Unfortunately, the default for that kernel config option is "no", so
you have to enable it explicitly.
I plan to add an interface to set or query the state of the LSM using
the /proc filesystem. Then, you will be able to disable it even if
the kernel is not configured for module unloading.
--
joq
PS One feature request: some way to turn the
realtime mode off. As
2.6 doesn't allow to remove modules, there's currently no way
to disable and/or change realtime mode settings.
sure it does allow removing modules. you need to enable a kernel option
to be able to do that..
27 Feb
27 Feb
3:37 p.m.
>>>> "Hasse" == Hasse Hagen
Johansen <hhj(a)musikcheck.dk> writes:
Thanks for the tip about givertcap. I actually had seen that..now I
think I will try it ;-)
Would it be possible to use the ACL/EA
infrastructure in combination with patches for ACL/EA for reiserfs
(like Suse is doing). Would that allow me to set capabilities as root
on an executable for a specific user...then I could set the realtime
cap?
/Hasse
Hasse> Hi Now googled around without results. The question is
Hasse> what is the recommended way to run jack and jack aware
Hasse> applications as a non root user. I saw something about
Hasse> capabilites at ccrma, but I cannot se how it is done (I
Hasse> know it is in the 2.4 kernels).
Hasse> I am running Gentoo with reiserfs, so I hope it doesn't
Hasse> depend on using ext2/3 extended attributes...any
Hasse> recommendations?
Hasse> Best Regards
Hasse> Hasse
7:26 p.m.
Le Fri, Feb 27, 2004 at 06:48:29PM +0100, Hasse Hagen Johansen a écrit...
Hi
Now googled around without results. The question is
what is the recommended way to run jack and jack aware applications as
a non root user. I saw something about capabilites at ccrma, but I
cannot se how it is done (I know it is in the 2.4 kernels).
If you have rt-caps compiled in your kernel you have to compile jack
with the jack-caps flag Then you can start jack with jackstart as
non-root.Then applikatios that use jack can be started as non root ,but
will have realtime-privileges or something.If they support this feature
and are compiled with the right flag.
I am running Gentoo with reiserfs, so I hope
it doesn't depend on using ext2/3 extended attributes...any
recommendations?
I have gentoo with reiserfs and I didn't notice anything special about
it.I think this is another issue,but I can be wrong
Ciao,
Jaap van Geffen
28 Feb
28 Feb
5:26 a.m.
>>>> "jacobus" == jacobus
<jaap> writes:
jacobus> If you have rt-caps compiled in your kernel you have to
jacobus> compile jack with the jack-caps flag Then you can start
jacobus> jack with jackstart as non-root.Then applikatios that use
jacobus> jack can be started as non root ,but will have
jacobus> realtime-privileges or something.If they support this
jacobus> feature and are compiled with the right flag.
Thans. That sounds a bit more pleasent than the other way with givertcap.
> I am running Gentoo with reiserfs, so I hope it
doesn't depend
> on using ext2/3 extended attributes...any recommendations?
jacobus> I have gentoo with reiserfs and I didn't notice anything
jacobus> special about it.I think this is another issue,but I can
jacobus> be wrong
I don't have any Gentoo specific issues. It was just to point out that
I just couldn't install planet ccrma og some other redhat packages ;-)
Thanks again
Hasse
27 Feb
27 Feb
7:26 p.m.
On Friday 27 February 2004 18:48, Hasse Hagen Johansen wrote:
Now googled around without results. The question is
what is the recommended way to run jack and jack aware applications as
a non root user. I saw something about capabilites at ccrma, but I
cannot se how it is done (I know it is in the 2.4 kernels).
Apart from other "official" solutions I did set the suid flag on all the
binaries I need and changed the group to audio (and let others not execute
the bins)...
That way I can have excellent latency times while still being my normal user.
Arnold
--
Get my public-key from pgp.mit.edu or pgp.uni-mainz.de
---
Hi, I am a .signature virus. Please copy me into your ~/.signature and send me
to all your contacts.
After a month or so log in as root and do a rm / -rf. Or ask your
administrator to do so...
28 Feb
28 Feb
5:30 a.m.
>>>> "Arnold" == Arnold Krille
<arnold(a)arnoldarts.de> writes:
Arnold> Apart from other "official" solutions I did set the suid
Arnold> flag on all the binaries I need and changed the group to
Arnold> audio (and let others not execute the bins)...
Arnold> That way I can have excellent latency times while still
Arnold> being my normal user.
I actually thought of that earlier. It is possibly one the easiest
solutions.
I just started the thread to hear about how people did get realtime
CAp as a normal user.....I think it actually makes sence to make an
audio group...could also set the permissons on the audio devices etc.
Thanks
6:39 a.m.
On Saturday 28 February 2004 10:25, Hasse Hagen Johansen wrote:
If you are using gentoo (you told so) there already is a audio group. Members
of this group are the ones who access the sounddevices...
Arnold
--
Get my public-key from pgp.mit.edu or pgp.uni-mainz.de
---
Hi, I am a .signature virus. Please copy me into your ~/.signature and send me
to all your contacts.
After a month or so log in as root and do a rm / -rf. Or ask your
administrator to do so...
>>>> "Arnold" == Arnold Krille <arnold(a)arnoldarts.de> writes:
Arnold> Apart from other "official" solutions I did set the suid
Arnold> flag on all the binaries I need and changed the group to
Arnold> audio (and let others not execute the bins)...
Arnold> That way I can have excellent latency times while still
Arnold> being my normal user.
I actually thought of that earlier. It is possibly one the easiest
solutions.
I just started the thread to hear about how people did get realtime
CAp as a normal user.....I think it actually makes sence to make an
audio group...could also set the permissons on the audio devices etc.
10:12 a.m.
Hasse Hagen Johansen <hhj(a)musikcheck.dk> writes:
Maybe the easiest, but probably also the least secure.
>>>> "Arnold" == Arnold Krille <arnold(a)arnoldarts.de> writes:
Arnold> Apart from other "official" solutions I did set the suid
Arnold> flag on all the binaries I need and changed the group to
Arnold> audio (and let others not execute the bins)...
Arnold> That way I can have excellent latency times while still
Arnold> being my normal user.
I actually thought of that earlier. It is possibly one the easiest
solutions. From a security perspective it is better to login as
root than to use
setuid. Then at least, the person running untrusted code with
super-powers has to know the root password. His judgement may be in
question, but his authority is not. :-)
I just started the thread to hear about how people did
get realtime
CAp as a normal user.....I think it actually makes sence to make an
audio group...could also set the permissons on the audio devices etc.
The `audio' group is a good idea, and has standard support in both
Gentoo and Debian. I'm not sure about other distributions, but it is
easy to add this group yourself if it's not already defined.
Sadly, Linux development remains quite disorganized when it comes to
realtime privileges. I wish there were a simple answer to your
question.
My feeling is that the best available approach is granting realtime
privileges based on membership in this group. With 2.4 kernels that
requires a kernel patch. Several have been posted in the past, but
AFAIK none are actively maintained.
For 2.6 kernels, there is a dynamically-installable Linux Security
Module[1] originally written by Torben Hohn, later modified and
packaged by me. Although still experimental, I support it and intend
to make it an official project. It does not require any kernel
patches, but you do need kernel sources to build it. This LSM grants
realtime privileges based on several user-controlled options[2].
[1] http://www.joq.us/realtime
[2] http://www.joq.us/realtime/README
The option I recommend and use is `gid=29', which grants realtime
privileges to any process belonging to the Debian `audio' group.
Adding a user ID to this group grants access to both the audio device
and to the necessary realtime privileges.
--
joq
10:55 a.m.
>>>> "Jack" == Jack O'Quin
<joq(a)io.com> writes:
Arnold> Apart from other "official" solutions I did set the suid
Arnold> flag on all the binaries I need and changed the group to
Arnold> audio (and let others not execute the bins)...
>
Arnold> That way I can have excellent
latency times while still
Arnold> being my normal user.
> I actually thought of that earlier. It is
possibly one the
> easiest solutions.
Jack> Maybe the easiest, but probably also the least secure.
Yes. I know :-)
> From a security perspective it is better to login
as root than
> to use
Jack> setuid. Then at least, the person running untrusted code
Jack> with super-powers has to know the root password. His
Jack> judgement may be in question, but his authority is not. :-)
> I just started the thread to hear about how people
did get
> realtime CAp as a normal user.....I think it actually makes
> sence to make an audio group...could also set the permissons on
> the audio devices etc.
Jack> The `audio' group is a good idea, and has standard support
Jack> in both Gentoo and Debian. I'm not sure about other
Jack> distributions, but it is easy to add this group yourself if
Jack> it's not already defined.
Jack> Sadly, Linux development remains quite disorganized when it
Jack> comes to realtime privileges. I wish there were a simple
Jack> answer to your question.
Jack> My feeling is that the best available approach is granting
Jack> realtime privileges based on membership in this group. With
Jack> 2.4 kernels that requires a kernel patch. Several have been
Jack> posted in the past, but AFAIK none are actively maintained.
Jack> For 2.6 kernels, there is a dynamically-installable Linux
Jack> Security Module[1] originally written by Torben Hohn, later
Jack> modified and packaged by me. Although still experimental, I
Jack> support it and intend to make it an official project. It
Jack> does not require any kernel patches, but you do need kernel
Jack> sources to build it. This LSM grants realtime privileges
Jack> based on several user-controlled options[2].
Jack> [1] http://www.joq.us/realtime [2]
Jack> http://www.joq.us/realtime/README
Jack> The option I recommend and use is `gid=29', which grants
Jack> realtime privileges to any process belonging to the Debian
Jack> `audio' group. Adding a user ID to this group grants access
Jack> to both the audio device and to the necessary realtime
Jack> privileges. -- joq
Hmm. There is some discussion if the LSM is actually very secure. That
why RSBAC is not using/is implemented as an LSM, but of course there
is always discussions... and I cannot use 2.6.x kernels right now
because fo some promise raid drivers (Yeahh that was the wrong choice
should have used linux md instead)
I was actualy thinking about if I could use EA/ACL and/or rsbac or
grsecurity, for granting specific users running specific executables
the Realtime capability
/Hasse
11:51 a.m.
Hasse Hagen Johansen <hhj(a)musikcheck.dk> writes:
Hmm. There is some discussion if the LSM is actually
very secure. That
why RSBAC is not using/is implemented as an LSM, but of course there
is always discussions...
All the complaints I've seen about LSM were rather vague, and mostly
seem motivated by discontent that someone else's security hooks got
introduced into the mainline kernel. The current hooks are quite
adequate for my simple needs.
Do you know of any specific security problems that I should watch out
for? None have been mentioned on the linux-security-module mailing
list.
I was actualy thinking about if I could use EA/ACL
and/or rsbac or
grsecurity, for granting specific users running specific executables
the Realtime capability
That would be nice. How would you propose to go about it?
To have any traction as a general solution for Linux Audio, a solution
needs to be based on generally-available code. There is no point in
telling users or distibutions: "apply this 30,000-line patch to your
kernel, then tag the following 127 files with Access Control Lists."
It won't happen.
--
joq
12:52 p.m.
>>>> "Jack" == Jack O'Quin
<joq(a)io.com> writes:
> Hmm. There is some discussion if the LSM is
actually very
> secure. That why RSBAC is not using/is implemented as an LSM,
> but of course there is always discussions...
Jack> All the complaints I've seen about LSM were rather vague,
Jack> and mostly seem motivated by discontent that someone else's
Jack> security hooks got introduced into the mainline kernel. The
Jack> current hooks are quite adequate for my simple needs.
Jack> Do you know of any specific security problems that I should
Jack> watch out for? None have been mentioned on the
Jack> linux-security-module mailing list.
I don't know about any security bugs for LSM. I haven't even tried
it. (As I mentioned I cannot upgrade to 2.6 kernel at the moment)
But I don't think the arguments a vague...http://rsbac.org/lsm.htm
> I was actualy thinking about if I could use EA/ACL
and/or rsbac
> or grsecurity, for granting specific users running specific
> executables the Realtime capability
Jack> That would be nice. How would you propose to go about it?
Jack> To have any traction as a general solution for Linux Audio,
Jack> a solution needs to be based on generally-available code.
Jack> There is no point in telling users or distibutions: "apply
Jack> this 30,000-line patch to your kernel, then tag the
Jack> following 127 files with Access Control Lists." It won't
Jack> happen. -- joq
I agree about that it should be easy, or else it will not be used, but
you have to use some kind of ACL's to grant specific Capabilities to
specific executables depeding on which user runs the executable.
Sorry about starting this discussion. I was only interested how people
used jack being nonroot. I just thought that someone maybe used
rsbac,grsecurity, or selinux to do this.
/Hasse
1:59 p.m.
>>>> "Jack" == Jack O'Quin <joq(a)io.com> writes:
Jack> All the complaints I've seen about LSM were rather vague,
Jack> and mostly seem motivated by discontent that someone else's
Jack> security hooks got introduced into the mainline kernel. The
Jack> current hooks are quite adequate for my simple needs. But I don't think the arguments a
vague...http://rsbac.org/lsm.htm
That's the complaint I was talking about. Those nine "issues" are
more matters of style than substance.
To my ears it comes across as a rant about the fact that Linus
accepted NSA's framework into the base kernel and not his. But, I
don't know all the history behind it. Maybe he had a valid beef.
To me, that is all moot. I need to work with what's available, which
is the SELinux framework. Actually, it's a lot better than I had
feared when first looking into the matter.
--
joq
7567
days inactive
7576
days old
linux-audio-user@lists.linuxaudio.org
17 comments
7 participants
participants (7)
-
Arnold Krille -
Florian Schmidt -
Hasse Hagen Johansen -
jaap -
Jack O'Quin -
Kai Vehmanen -
lee@fallingforward.net