Re: [Jack-Devel] jack - audio group - package install

PrevNext  Index
DateTue, 31 Jan 2012 14:42:20 +1030
From Jonathan Woithe <[hidden] at just42 dot net>
ToPaul Davis <[hidden] at linuxaudiosystems dot com>
Cc[hidden] at lists dot jackaudio dot org
In-Reply-ToPaul Davis Re: [Jack-Devel] jack - audio group - package install
On Tue, Jan 24, 2012 at 12:29:44PM -0500, Paul Davis wrote:
> a setuid tool to enable RT/memlock still exists in various forms and some
> people use it. its a more complex, less secure, and less convenient system
> for almost all users.

Set_rlimits would be one such tool (disclaimer: I wrote set_rlimits).  While
I agree that it's slightly less convenient[1] and a little more complex[2],
I don't necessarily agree that it's less secure.  In fact, since it grants
RT privileges on a per application, per user basis it is in many ways more
secure.  However, this last aspect is becoming academic now that the kernel
ensures that RT processes can't completely starve the system of CPU cycles
(as was mentioned earlier in the thread).  Note that these comments only
apply to set_rlimits - I have not encountered any other similar solution
myself and don't know how they approach the problem.

Having something like set_rlimits is still useful for those of us who (for
whatever reason) don't use PAM.  I agree that it's not a good general
solution.

[1] You just have to arrange to run, for example, "set_rlimits ardour2 ..." 
    instead of just "ardour2 ...".

[2] A simple text configuration file needs to be set up by root to grant
    permission for users to run specific programs with RT privileges.

Regards
  jonathan
PrevNext  Index

1327983169.26722_0.ltw:2,a <20120131041220.GD2500 at marvin dot atrad dot com dot au>