Re: FW: jackd/ audio apps mini policy

To: "Jack O'Quin" <joq@io.com>
Cc: Zenaan Harkness <zen@aaroncommercial.com>, <debian-multimedia@lists.debian.org>
Subject: Re: FW: jackd/ audio apps mini policy
From: guenter geiger <geiger@xdv.org>
Date: Fri, 7 Nov 2003 17:22:00 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.31.0311071716440.21033-100000@xdv.org>
In-reply-to: <[🔎] 87ad785k5h.fsf@sulphur.joq.us>

On 7 Nov 2003, Jack O'Quin wrote:
> Zenaan Harkness <zen@aaroncommercial.com> writes:
>
> > From: Matthias Urlichs
> > > Hi, Jack O'Quin wrote:
> > >
> > > > So far, no one is sure why CAP_SYS_RESOURCE is needed, but we find
> > > > that mlockall() fails without it.
> > >
> > > For good reason. The resource in question is physical memory. You could
> > > lock all the free memory with this program (thereby condemning it to swap
> > > death) if you're not VERY careful.
>
> Who is Matthias Urlichs?  Has he not been following this discussion?
>
> Is he able to do anything about this mess?  How can we contact him?

>From reading these comments and taking a look at the mlockall call and
how it is used in jack, I understand that this might really be
very dangerous ... mlockall (MCL_CURRENT | MCL_FUTURE)

anyone tried without CAP_SYS_RESOURCE , memory preallocation (I think this
would mean a maximum amount of jack clients) and without the "MCL_FUTURE".

Seems that the MCL_FUTURE would take up all memory and never give it free
at some point, hence it needs higher privileges.
(just a guess, ... again ...)
As it is now a user can lock up the machine by introducing (lots?) of
clients.

Guenter

Reply to:

Follow-Ups:
- Re: FW: jackd/ audio apps mini policy
  - From: "Jack O'Quin" <joq@io.com>

References:
- Re: FW: jackd/ audio apps mini policy
  - From: "Jack O'Quin" <joq@io.com>

Prev by Date: Re: FW: jackd/ audio apps mini policy
Next by Date: Re: FW: jackd/ audio apps mini policy
Previous by thread: Re: FW: jackd/ audio apps mini policy
Next by thread: Re: FW: jackd/ audio apps mini policy
Index(es):
- Date
- Thread