Re: [linux-audio-dev] Linux Security Module for realtime audio


Subject: Re: [linux-audio-dev] Linux Security Module for realtime audio
From: Jens M Andreasen (jens.andreasen_AT_chello.se)
Date: Tue Dec 09 2003 - 02:24:05 EET


On Sun, 2003-12-07 at 01:35, Jack O'Quin wrote:
> I've been experimenting with Torben's LSM for the 2.6 kernel, and the
> realtime group permissions mechanism we discussed.
>
> Naturally, there are some problems. The worst is that GTK-2 will not
> tolerate the use of setgid...
>
> (process:11284): Gtk-WARNING **: This process is currently running setuid or setgid.
> This is not a supported use of GTK+. You must create a helper
> program instead. For further details, see:
>
> http://www.gtk.org/setuid.html
>
> Refusing to initialize GTK+.

In order to get the graphic interface snappy and responsive, I start the
following pthread:

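#include <stdio.h>      /* printf, perror */
#include <string.h>     /* memset */
#include <sched.h>      /* sched_setscheduler, SCHED_RR */
#include <unistd.h>     /* setreuid, getuid */
#include <glib.h>       /* FALSE */

/* Defined elsewhere in the program (declarations assumed here) */
extern int _argc;
extern char **_argv;
extern int running;
int main_interface(int argc, char **argv);

void * interface(void* t_arg)
{

  struct sched_param schp;

  (void) t_arg;

  /** We need realtime performance
   *
   */
  memset(&schp, 0, sizeof(schp));
  schp.sched_priority = sched_get_priority_max(SCHED_RR)/20;
  printf("InterfacePriority level: %d\n",schp.sched_priority);
  
  if (sched_setscheduler(0, SCHED_RR, &schp) != 0)
    {
      perror("sched_setscheduler");
    }

  /* Drop the setuid privilege whether or not the scheduler call
   * succeeded, and do not start GTK if the drop itself fails
   */
  if (setreuid(getuid(), getuid()) != 0)
    {
      perror("setreuid");
      running = FALSE;
      return NULL;
    }

  // This is the call that starts GTK
  main_interface(_argc,_argv);

  // When we get here, tell everybody else to go home
  running = FALSE;
  return NULL;
}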

Regards // Jens M Andreasen

> This seems to totally invalidate the setgid approach we had discussed,
> at least for audio applications using GTK. QT does not seem to
> complain about setgid, though most of the reasons for avoiding it with
> GTK surely apply there as well.
-<snip>-



This archive was generated by hypermail 2b28 : Tue Dec 09 2003 - 02:23:49 EET