Re: RFC: Realtime system (audio) group

To: debian-devel@lists.debian.org
Subject: Re: RFC: Realtime system (audio) group
From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
Date: Wed, 25 Jan 2012 13:17:46 +0100
Message-id: <[🔎] 4F1FF2EA.8090105@drcomp.erfurt.thur.de>
In-reply-to: <[🔎] 20120125114347.GA20506@wavehammer.waldi.eu.org>
References: <[🔎] 4F1FDA28.9020503@drcomp.erfurt.thur.de> <[🔎] 20120125114347.GA20506@wavehammer.waldi.eu.org>

On 01/25/2012 12:43 PM, Bastian Blank wrote:

[background story: pro-audio applications run with POSIX realtime
priorities to meet low-latency deadlines. We ship
/etc/security/limits.d/audio.conf in the jackd packages to grant rt
privileges to the audio group]


Why does jackd not grant _itself_ RT priority? It can grant itself
CAP_SYS_NICE, which allows arbitrary mangling of priorities.


   # setcap cap_sys_nice,cap_ipc_lock+eip /usr/bin/jackd

Works, but is hardly an improvement. It's either a stability risk (if
not limited) or:

It could still limit the usage for users with the audio group and just
drop the capability of the user is not in this group.


Which would still require the user to be part of a special group. The
audio group can't be used for this, as it would again combine "access to
sound card" and "have realtime permissions" as described in #656910.

So we're back at how to name this group. ;)


Cheers

Reply to:

References:
- RFC: Realtime system (audio) group
  - From: Adrian Knoth <adi@drcomp.erfurt.thur.de>
- Re: RFC: Realtime system (audio) group
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Re: RFC: Realtime system (audio) group
Next by Date: Candidates for removal from testing
Previous by thread: Re: RFC: Realtime system (audio) group
Next by thread: Bug#657291: ITP: ruby-mab -- a templating engine for writing HTML pages in pure Ruby
Index(es):
- Date
- Thread