Re: [PATCH] Realtime LSM

[Chris Wright]

* Lee Revell (rlrevell@xxxxxxxxxxx) wrote:
> On Fri, 2004-10-01 at 00:05, Jack O'Quin wrote:
> > The ulimit approach is way too cumbersome.
> 
> Agreed.  The whole point of getting realtime-lsm in the kernel is to
> make it _easier_ to get a linux audio (or other realtime system) up and
> running.

It's nice to have something that's easy to use, but that's not a great
justification for addition to the kernel.  Esp. when there's a
functional userspace solution.

> Would it be feasible to use rlimits to let users run
> SCHED_FIFO processes?

No, it doesn't support that.  I suppose it could, whether is should
is another matter.

> The ulimit approach would probably be acceptable
> if it subsumed all the functionality of the realtime-lsm module.

Hrm, I guess we'll have to agree to disagree.  The whole point of the
mlock rlimits code is to enable this policy to be pushed to userspace.
A generic method of enabling capabilities is the best way to go, long
term.  Any interest in pursuing that?

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/