[linux-audio-dev] mjsucap - capability handling

New Message Reply About this list Date view Thread view Subject view Author view Other groups

Subject: [linux-audio-dev] mjsucap - capability handling
From: Tommi Ilmonen (tilmonen_AT_cc.hut.fi)
Date: Thu May 03 2001 - 13:57:39 EEST


Hi.

This is a half-announcement. I hope someone finds this useful.

Every sometime people come up ith the point that real-time apps should
not need root-proviliges and something should be done about it.

I have a utility app "mjsucap" (based on sucap included in libcap) that is
designed to fit this purpose. It has been around for a while (it is part
of Mustajuuri distribution)

It works like this:

1) user starts mjsucap (setuid root) with a list arguments
2) mjsucap forks a new process and sets its capacilities to
real-time-friendly mode (scheduling, RTC-access). The new process takes on
the user id so that full root-provileges are not available.
3) The forked process executes the actual application with the arguments
4) The application can get real-time priority and high-frequency RTC that
are needed for real-time operation

The basic idea is that a user does not really have to see or consider the
mjsucap at all.

Quite obviously I have Mustajuuri as an application (with the name
"mustajuuri-bin") and mjsucap as a launcher (named "mustajuuri" to aid
confusion :-).

Mjsucap is meant to be recompiled and renamed for any new applications
that want to be run with rt-privileges (the absolute path of the real app
is used to guarantee that a user cannot start any app). It is small and
stand-alone with minimal dependencies (you do need libcap).

PS. To get this working you need to modify and recompile the kernel
(capfaq, chapter 10) so this is not quite as trivial as one would like it
to be...

PPS. As usual, this has not been tested thoroughly...

PPPS. Please find bugs and design errors ;-)

Tommi Ilmonen Researcher
>=> http://www.hut.fi/u/tilmonen/
  Linux/IRIX audio: Mustajuuri
>=> http://www.tml.hut.fi/~tilmonen/mustajuuri/
    3D audio/animation: DIVA
>=> http://www.tml.hut.fi/Research/DIVA/


New Message Reply About this list Date view Thread view Subject view Author view Other groups

This archive was generated by hypermail 2b28 : Thu May 03 2001 - 14:50:52 EEST