Subject: Re: [linux-audio-user] running jack as non-root?
From: Jack O'Quin (joq_AT_io.com)
Date: Sat Feb 28 2004 - 17:46:15 EET
Hasse Hagen Johansen <hhj_AT_musikcheck.dk> writes:
> Hmm. There is some discussion if the LSM is actually very secure. That
> why RSBAC is not using/is implemented as an LSM, but of course there
> is always discussions...
All the complaints I've seen about LSM were rather vague, and mostly
seem motivated by discontent that someone else's security hooks got
introduced into the mainline kernel. The current hooks are quite
adequate for my simple needs.
Do you know of any specific security problems that I should watch out
for? None have been mentioned on the linux-security-module mailing
list.
> I was actualy thinking about if I could use EA/ACL and/or rsbac or
> grsecurity, for granting specific users running specific executables
> the Realtime capability
That would be nice. How would you propose to go about it?
To have any traction as a general solution for Linux Audio, a solution
needs to be based on generally-available code. There is no point in
telling users or distibutions: "apply this 30,000-line patch to your
kernel, then tag the following 127 files with Access Control Lists."
It won't happen.
-- joq
This archive was generated by hypermail 2b28 : Sat Feb 28 2004 - 17:44:54 EET