Re: [Jack-Devel] debian jack/pulse support [ was : Re: JACK in Chrome !! ]
On 01/17/2013 12:57 PM, Paul Davis wrote:
>
>
>
> On Thu, Jan 17, 2013 at 6:32 AM, David Henningsson
> <[hidden]
> <mailto:[hidden]>> wrote:
>
> I haven't read all of this thread, but there are a few things I want
> to point out.
>
> 1) The audio group is not added on Ubuntu, because the "audio" group
> name is already used for another incompatible feature, i e, that of
> being able to exclusively access a sound card even though you are
> not logged in. See https://wiki.ubuntu.com/Audio/__TheAudioGroup
> <https://wiki.ubuntu.com/Audio/TheAudioGroup> for details.
>
>
> that document includes this line:
>
> "This can be necessary for running low-latency audio without drop-outs,
> but is bad from a security and stability point of view, as a process
> running with real-time privileges can lock up the entire system
> completely. "
>
> this is no longer true. it is trivial to configure the amount of time
> that RT-scheduled tasks can consume. it can no longer be used as an
> explanation of why RT scheduling is problematic.
I'm not a security expert, so excuse me if these are stupid questions,
but...
First, I tried to look this up on http://jackaudio.org/linux_rt_config
but I saw no such documentation.
Second, your argument seems to apply to RT scheduling only - what about
memlock?
Third, if you were a maintainer of an general purpose distro, that
should be able to do everything from pro-audio, consumer audio, gaming,
run on laptops with decent battery life, to multi-user ssh and web
servers and all that, how do you recommend we set RT and memlock
privileges for the user by default?
Finally, thanks for now recommending the "realtime" group instead of the
"audio" group :-)
--
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic
1358426034.10063_0.ltw:2,a <50F7EFAE.3060108 at canonical dot com>