Re: [PATCH] Realtime LSM

From: William Lee Irwin III
Date: Mon Sep 13 2004 - 22:09:40 EST

Next message: Andrew Morton: "Re: [pagevec] resize pagevec to O(lg(NR_CPUS))"
Previous message: viro: "Re: procfs and chroot() ... ?"
In reply to: Lee Revell: "Re: [PATCH] Realtime LSM"
Next in thread: Lee Revell: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2004-09-13 at 19:34, Chris Wright wrote:
>> The mlock() bit is unecessary now. Use rlimits on the audio users.
>> Which leaves realtime bits, plus others. I had a more generic module
>> (per-capability) that would be a superset of this. Perhaps that's a
>> better fit. I'm travelling this week, so forgive the spotty replies.

On Mon, Sep 13, 2004 at 10:18:06PM -0400, Lee Revell wrote:
> I think this would be fine. All we need is a way to allow users to run
> SCHED_FIFO processes and use mlockall() without being root and without
> having to patch the kernel. It's a pretty simple requirement.

Please construct a entitlement/permission checking scheme for this that
is not so lax as removing permissions checks altogether conditionally
on some sysctl.

-- wli
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [pagevec] resize pagevec to O(lg(NR_CPUS))"
Previous message: viro: "Re: procfs and chroot() ... ?"
In reply to: Lee Revell: "Re: [PATCH] Realtime LSM"
Next in thread: Lee Revell: "Re: [PATCH] Realtime LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]