Re: [linux-audio-dev] Linux Security Module for realtime audio


Subject: Re: [linux-audio-dev] Linux Security Module for realtime audio
From: torbenh_AT_gmx.de
Date: Tue Dec 02 2003 - 09:54:58 EET


On Sun, Nov 30, 2003 at 10:10:45PM -0600, Jack O'Quin wrote:
> torbenh_AT_gmx.de wrote:
>
> > attached is what i have done today.... works, but needs to
> > be checked by someone who can judge about the side effects.
> >
> > i am not so sure about them.
>
> Encouraged by your success, I plan to modify this LSM to implement the
> `kernel/realtime' and `kernel/realtime-group' interfaces we discussed
> recently. I'll keep you posted on how that progresses.

the most simple way would be parameters given to the module for the
realtime group and user. There are nice macros for module parameters.

i believe that adding to the currently overridden function

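if( bprm->e_gid == realtime_gid ) {
  /* CAP_* constants are bit numbers, so convert each one with CAP_TO_MASK() */
  bprm->cap_effective = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) | CAP_TO_MASK(CAP_SYS_RESOURCE);
  bprm->cap_permitted = CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) | CAP_TO_MASK(CAP_SYS_RESOURCE);
}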

should work fine.

although i am not happy with CAP_SYS_RESOURCE ( needed for RTC interrupts > 64Hz )
which also allows a process to override quota limits.

But because in drivers/char/rtc.c the check is
if ( capable( CAP_SYS_RESOURCE ) ) { allow higher freq }

it seems like it's not possible with the current implementation.
but we could however provide a jackrtc module which checks for a
new CAP_RTC_INTS.

-- 
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language
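
An added example, not part of the original message and not code from the LSM under discussion: a user-space model of the group-based grant sketched above, showing the three capabilities as a bit mask next to what OR-ing their raw bit numbers would produce. The capability numbers are those in <linux/capability.h>; `model_bprm`, the function names and the gid 29 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Capability bit numbers as defined in <linux/capability.h>. */
#define CAP_IPC_LOCK     14
#define CAP_SYS_NICE     23
#define CAP_SYS_RESOURCE 24
#define CAP_TO_MASK(x)   (UINT32_C(1) << (x))

/* Hypothetical stand-in for the struct linux_binprm fields used in the message. */
struct model_bprm {
    unsigned int e_gid;
    uint32_t cap_effective, cap_permitted;
};

/* The three capabilities named in the message, as a capability-set mask. */
uint32_t realtime_cap_mask(void)
{
    return CAP_TO_MASK(CAP_IPC_LOCK) | CAP_TO_MASK(CAP_SYS_NICE) |
           CAP_TO_MASK(CAP_SYS_RESOURCE);
}

/* OR-ing the raw numbers gives 0x1f: bits 0-4 (CAP_CHOWN .. CAP_FSETID). */
uint32_t raw_number_or(void)
{
    return CAP_IPC_LOCK | CAP_SYS_NICE | CAP_SYS_RESOURCE;
}

/* Grant the set only when the effective gid matches; returns 1 if granted. */
int grant_realtime_caps(struct model_bprm *bprm, unsigned int realtime_gid)
{
    if (bprm->e_gid != realtime_gid)
        return 0;
    bprm->cap_effective = bprm->cap_permitted = realtime_cap_mask();
    return 1;
}

/* Model of capable(): is bit number `cap` set in the effective set? */
int model_capable(const struct model_bprm *bprm, int cap)
{
    return (bprm->cap_effective & CAP_TO_MASK(cap)) != 0;
}

int main(void)
{
    struct model_bprm audio = { 29, 0, 0 };   /* constructed gid */
    printf("granted=%d mask=0x%08x raw-or=0x%02x\n", grant_realtime_caps(&audio, 29),
           (unsigned)realtime_cap_mask(), (unsigned)raw_number_or());
    return 0;
}
```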


This archive was generated by hypermail 2b28 : Tue Dec 02 2003 - 09:51:48 EET