Re: FW: jackd/ audio apps mini policy

To: guenter geiger <geiger@xdv.org>
Cc: Zenaan Harkness <zen@aaroncommercial.com>, <debian-multimedia@lists.debian.org>
Subject: Re: FW: jackd/ audio apps mini policy
From: "Jack O'Quin" <joq@io.com>
Date: 07 Nov 2003 11:03:14 -0600
Message-id: <[🔎] 87y8us3yct.fsf@sulphur.joq.us>
In-reply-to: <[🔎] Pine.LNX.4.31.0311071716440.21033-100000@xdv.org>
References: <[🔎] Pine.LNX.4.31.0311071716440.21033-100000@xdv.org>

guenter geiger <geiger@xdv.org> writes:

> From reading these comments and taking a look at the mlockall call and
> how it is used in jack, I understand that this might really be
> very dangerous ... mlockall (MCL_CURRENT | MCL_FUTURE)

The requirement is for running realtime audio applications as an
ordinary (non-root) user.  This is a system-level security admin
policy choice.  Given that, the ability of such programs to crash or
lock up the system is a given.  There is nothing anyone can do about
that.

If that risk is not acceptable for your system, then don't run
realtime audio applications on it.  Running them as root would be even
worse.

The goal is to prevent these realtime apps from being able to
accidentally or intentionally corrupt the filesystem or take over the
network.  These are *much* worse problems than crashing the system.
-- 
  joq

Reply to:

Follow-Ups:
- Re: FW: jackd/ audio apps mini policy
  - From: guenter geiger <geiger@xdv.org>

References:
- Re: FW: jackd/ audio apps mini policy
  - From: guenter geiger <geiger@xdv.org>

Prev by Date: Re: FW: jackd/ audio apps mini policy
Next by Date: Re: FW: jackd/ audio apps mini policy
Previous by thread: Re: FW: jackd/ audio apps mini policy
Next by thread: Re: FW: jackd/ audio apps mini policy
Index(es):
- Date
- Thread