Re: [Jack-Devel] debian jack/pulse support [ was : Re: JACK in Chrome !! ]

On 01/17/2013 12:57 PM, Paul Davis wrote:
>
>
>
> On Thu, Jan 17, 2013 at 6:32 AM, David Henningsson
> <[hidden]
> <mailto:[hidden]>> wrote:
>
>     I haven't read all of this thread, but there are a few things I want
>     to point out.
>
>     1) The audio group is not added on Ubuntu, because the "audio" group
>     name is already used for another incompatible feature, i e, that of
>     being able to exclusively access a sound card even though you are
>     not logged in. See https://wiki.ubuntu.com/Audio/__TheAudioGroup
>     <https://wiki.ubuntu.com/Audio/TheAudioGroup> for details.
>
>
> that document includes this line:
>
> "This can be necessary for running low-latency audio without drop-outs,
> but is bad from a security and stability point of view, as a process
> running with real-time privileges can lock up the entire system
> completely. "
>
> this is no longer true. it is trivial to configure the amount of time
> that RT-scheduled tasks can consume. it can no longer be used as an
> explanation of why RT scheduling is problematic.

I'm not a security expert, so excuse me if these are stupid questions, 
but...

First, I tried to look this up on http://jackaudio.org/linux_rt_config 
but I saw no such documentation.

Second, your argument seems to apply to RT scheduling only - what about 
memlock?

Third, if you were a maintainer of an general purpose distro, that 
should be able to do everything from pro-audio, consumer audio, gaming, 
run on laptops with decent battery life, to multi-user ssh and web 
servers and all that, how do you recommend we set RT and memlock 
privileges for the user by default?

Finally, thanks for now recommending the "realtime" group instead of the 
"audio" group :-)


-- 
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic

1358426034.10063_0.ltw:2,a <50F7EFAE.3060108 at canonical dot com>