Re: [PATCH] Realtime LSM

[Jack O'Quin]

torbenh@xxxxxx writes:

> On Thu, Sep 16, 2004 at 01:27:02PM -0500, Jack O'Quin wrote:
> > It recently occurred to me that jackstart might be able to detect this
> > situation and exec jackd, anyway.  (AFAICT, the only reasonably
> > POSIX-compliant method for detecting that a process has the
> > "appropriate permission" to do something is trying it to see whether
> > it returns EPERM.)
> 
> how should jackstart detect the situation ?
> its running SUID root and is allowed to do everything.

I was thinking that it could drop root privileges and try creating a
realtime thread.  But, then I realied it would be better (and simpler)
for `jackstart' to exec `jackd' unconditionally, even when the
required capabilities are not available.  Let `jackd' figure out for
itself what it can actually do.

That is what I meant about trying the operation being the only
reliable test.  Jackstart should not give up just because one
privilege mechanism is unavailable.  It cannot know all the possible
reasons why jackd might or might not have access to realtime
resources.  Its job is simply to pass the capabilities if they are
available.
-- 
  joq
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/