[linux-audio-dev] Please test the RT rlimits patch for audio

Jonathan Woithe jwoithe at physics.adelaide.edu.au
Mon Jun 6 07:15:06 UTC 2005 

Jack, thanks for your comments and feedback.

> > Sorry, no homepage yet.  Read the enclosed README and manpage for full
> > details.  In short, a simple text file /etc/set_rtlimits.conf is used to
> > configure which users (or groups) can run which programs with elevated
> > realtime/nice priorities.  The maximum priorities requestable is limited on
> > a user+program basis, so a single user or group can have different
> > maximum priorities for different programs if this is desired.
> 
> Your group support is not very useful, yet, because it only checks the
> current group.

True, but group support wasn't really my prime objective at this point in
time (see below).

> It would help a lot to also check supplementary group membership

Yes.  There was also the question of time - I didn't have much.  Allowing
the name spec to be a group name was basically a quick hack added at the
last minute as an afterthought.  As time permits I'll look into adding
support for supplementary groups but I make no promises.

At the end of the day I figured that in most cases, this kind of audio
software (and set_rtlimits itself) would be used mainly on systems with a
small number of users, so there was no hugely pressing need to support
groups.  Having said that, it's not a bad idea if I can find the time
to add it.

Another thing I'm thinking of adding is the ability to list a number of
different binaries in one entry (and maybe even allowing alias definitions
in a similar way to sudo).  This would help cut down the size of the config
file and perhaps make it easier to manage.

> (There may be a problem with this: I am not certain that supplementary
> groups are inherited correctly by setuid programs.)

It should be fairly easy to test.

> Also, the group namespace is separate from the user namespace

Yes, I know.  Again, allowing groupnames to be resolved was a last-minute
add-on and the lack of differentiation between a group and user name is
evidence of this.  I knew about this little problem but didn't have time
to do anything about it at the time.

> I believe PAM uses the `@group' notation to distinguish the two (not
> that PAM is a very good example of anything).

:-)
@group is as good an idea as anything else I can think of at the moment.

Regards
  jonathan

More information about the Linux-audio-dev mailing list