[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-audio-dev
Subject: Re: [LAD] QTractor: QThreads: Not realtime on Linux without root?
From: Felipe Ferreri Tonello <eu () felipetonello ! com>
Date: 2017-01-11 14:33:27
Message-ID: a505c393-5080-7f3a-6b0d-afcb7f1a2275 () felipetonello ! com
[Download RAW message or body]
Hi Ralf,
On 11/01/17 14:25, Ralf Mattes wrote:
>
> Am Mittwoch, 11. Januar 2017 14:20 CET, Felipe Ferreri Tonello <eu@felipetonello.com> schrieb:
>
>> Hi Ralf,
>>
>> On 11/01/17 12:52, Ralf Mattes wrote:
>>>
>>> Am Mittwoch, 11. Januar 2017 13:21 CET, Felipe Ferreri Tonello <eu@felipetonello.com> schrieb:
>>>
>>>> Hi Ralf,
>>>>
>>>> On 03/01/17 21:37, Ralf Mattes wrote:
>>>>>
>>>>> Am Dienstag, 03. Januar 2017 19:31 CET, Felipe Ferreri Tonello <eu@felipetonello.com> schrieb:
>>>>>
>>>>>
>>>>>> If sched_setscheduler() returns -1, check if errno is set to EPERM. In
>>>>>> this case the user trying to perform this operation does not have
>>>>>> CAP_SYS_NICE[1] capability, which is *required*.
>>>>>>
>>>>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>>>>>
>>>>>> If you want this type of feature, set CAP_SYS_NICE to the group audio
>>>>>> that you are referring.
>>>>>
>>>>> ??? How can I grant capabilities to a group? I thought capabilites where either given to
>>>>> a user (via /etc/security/capability.conf) or to a binary (by means of setcap).
>>>>
>>>> AFAIK, pam_cap support users and groups.
>>>
>>> Not according to my local manpages (pam_cap(8) 09/23/2011 and CAPABILITY.CONF(5) -- 09/23/2011).
>>> Do you have any y reference for your information?
>>
>> I never tested, but try out based on this reference[1] paragraph 2.2.
>
> Yes, but that paragraph seems to be simply wrong. And the code you link to
> in [3] clearly shows that.
>
>> Apparently there are two implementations for pam_cap. One supports the
>> other doesn't.
>
> No. That's wrong. pam_cap doesn't support caps by group, your second link points
> the pam_capability module. IIRC that was only ever available in OpenSuse. The git log
> (single line ...) of that repository doesn't really make me want to integrate it into a seccurity
> service.
>
If that feature is really important for you, you can always patch
pam_cap.c from lipcap2.
It seems like a nice feature to have, IMO.
--
Felipe
["0x92698E6A.asc" (application/pgp-keys)]
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic