From: Peter Williams <pwil3058@bigpond.net.au>
To: Paul Davis <paul@linuxaudiosystems.com>
Cc: "Bill Huey (hui)" <bhuey@lnxw.com>, Ingo Molnar <mingo@elte.hu>,
"Jack O'Quin" <joq@io.com>, Nick Piggin <nickpiggin@yahoo.com.au>,
Con Kolivas <kernel@kolivas.org>,
linux <linux-kernel@vger.kernel.org>,
rlrevell@joe-job.com, CK Kernel <ck@vds.kolivas.org>,
utz <utz@s2y4n2c.de>, Andrew Morton <akpm@osdl.org>,
alexn@dsv.su.se, Rui Nuno Capela <rncbc@rncbc.org>,
Chris Wright <chrisw@osdl.org>,
Arjan van de Ven <arjanv@redhat.com>
Subject: Re: [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature
Date: Fri, 04 Feb 2005 08:48:19 +1100 [thread overview]
Message-ID: <42029C23.1000300@bigpond.net.au> (raw)
In-Reply-To: <200502031420.j13EKwFx005545@localhost.localdomain>
Paul Davis wrote:
>
> There are several kernel-side attributes that would make JACK better from
> my perspective:
>
> * better ways to acquire and release RT scheduling
I'm no expert on the topic but it would seem to me that the mechanisms
associated with the capable() function are intended to provide a
consistent and extensible interface to the control of privileged
operations with possible finer grained control than "root 'yes' and
everybody else 'no'". Maybe the way to solve this problem is to modify
the interpretation of capable(CAP_SYS_NICE) so that it returns true when
invoked by a task setuid to a nominated uid in addition to zero?
By default, this additional uid would be set to zero (i.e. not change to
current capabilities) but a mechanism to allow a suitable privileged
user to change it could be provided. Programs which the sysadmin wishes
to be allowed to acquire RT scheduling even when used by ordinary users
could be setuid to this "RT user". If the account for the "RT user" was
properly configured (e.g. not allowed to log in, no home directory,
etc.) then the damage that could be done by tasks run as setuid "RT
user" would be limited.
Peter
PS Maybe SELinux already provides this functionality or something better?
--
Peter Williams pwil3058@bigpond.net.au
"Learning, n. The kind of ignorance distinguishing the studious."
-- Ambrose Bierce
next prev parent reply other threads:[~2005-02-03 21:49 UTC|newest]
Thread overview: 198+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-19 22:39 [PATCH]sched: Isochronous class v2 for unprivileged soft rt scheduling Con Kolivas
2005-01-20 0:16 ` utz lehmann
2005-01-20 0:33 ` Con Kolivas
2005-01-20 4:26 ` utz lehmann
2005-01-20 5:55 ` Con Kolivas
2005-01-20 17:54 ` Alexander Nyberg
2005-01-20 20:27 ` Con Kolivas
2005-01-20 0:53 ` Con Kolivas
2005-01-20 1:32 ` Jack O'Quin
2005-01-20 2:06 ` Con Kolivas
2005-01-20 2:45 ` Jack O'Quin
2005-01-20 4:07 ` Con Kolivas
2005-01-20 4:57 ` Jack O'Quin
2005-01-20 5:05 ` Gene Heskett
2005-01-20 5:59 ` Con Kolivas
2005-01-20 6:35 ` Con Kolivas
2005-01-20 15:19 ` Jack O'Quin
2005-01-20 15:42 ` Paul Davis
2005-01-20 16:47 ` Jack O'Quin
2005-01-20 17:25 ` Ingo Molnar
2005-01-22 0:09 ` Jack O'Quin
2005-01-22 16:54 ` Ingo Molnar
2005-01-22 21:23 ` Jack O'Quin
2005-01-23 2:06 ` Nick Piggin
2005-01-23 2:58 ` Chris Wright
2005-01-24 8:59 ` Ingo Molnar
2005-01-24 9:55 ` Paolo Ciarrocchi
2005-01-24 10:29 ` Nick Piggin
2005-01-24 10:46 ` Ingo Molnar
2005-01-24 12:58 ` [patch, 2.6.11-rc2] sched: /proc/sys/kernel/rt_cpu_limit tunable Ingo Molnar
2005-01-24 13:34 ` Ingo Molnar
2005-01-24 13:53 ` Con Kolivas
2005-01-24 14:01 ` [ck] " Con Kolivas
[not found] ` <87k6q2umla.fsf@sulphur.joq.us>
2005-01-25 6:28 ` Nick Piggin
2005-01-25 14:12 ` Ingo Molnar
2005-01-25 8:37 ` Ingo Molnar
2005-01-25 21:36 ` Jack O'Quin
2005-01-25 21:49 ` Ingo Molnar
2005-01-25 21:55 ` Chris Wright
2005-01-25 21:57 ` Ingo Molnar
2005-01-25 22:03 ` Chris Wright
2005-01-25 22:08 ` Ingo Molnar
2005-01-25 22:16 ` Chris Wright
2005-01-25 22:44 ` Bill Rugolsky Jr.
2005-01-26 5:12 ` Jack O'Quin
2005-01-26 7:27 ` Ingo Molnar
2005-01-26 11:02 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Ingo Molnar
2005-01-25 13:56 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Ingo Molnar
2005-01-25 14:06 ` Con Kolivas
2005-01-25 22:18 ` Peter Williams
2005-01-25 22:26 ` Peter Williams
2005-01-26 10:08 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Ingo Molnar
2005-01-26 14:22 ` Jack O'Quin
2005-01-26 16:18 ` [ck] " Cal
2005-01-26 16:29 ` Cal
2005-01-26 16:41 ` Jack O'Quin
2005-01-26 17:57 ` Cal
2005-01-26 18:57 ` Jack O'Quin
2005-01-27 2:03 ` Cal
2005-01-27 8:51 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D8 Ingo Molnar
2005-01-27 12:48 ` Cal
2005-01-27 16:31 ` Mike Galbraith
2005-01-26 21:28 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU feature, -D7 Peter Williams
2005-01-26 21:44 ` Peter Williams
2005-01-26 9:20 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Ingo Molnar
2005-01-31 23:03 ` Peter Williams
2005-02-01 10:11 ` [patch] sys_setpriority() euid semantics fix Ingo Molnar
2005-02-01 21:46 ` Peter Williams
2005-01-26 5:24 ` [patch, 2.6.11-rc2] sched: RLIMIT_RT_CPU_RATIO feature Jack O'Quin
2005-01-26 7:04 ` Ingo Molnar
2005-01-26 22:27 ` Jack O'Quin
2005-01-26 23:29 ` Nick Piggin
2005-01-27 2:31 ` Jack O'Quin
2005-01-27 3:26 ` Nick Piggin
2005-01-27 5:15 ` Jack O'Quin
2005-01-27 5:54 ` Nick Piggin
2005-01-27 8:35 ` Ingo Molnar
2005-01-27 8:59 ` Ingo Molnar
2005-01-27 11:35 ` Ingo Molnar
2005-02-02 5:10 ` Jack O'Quin
2005-02-02 11:10 ` Bill Huey
2005-02-02 16:44 ` Jack O'Quin
2005-02-02 21:14 ` Bill Huey
2005-02-02 21:20 ` Bill Huey
2005-02-02 21:21 ` Ingo Molnar
2005-02-02 21:34 ` Bill Huey
2005-02-02 22:59 ` Paul Davis
2005-02-03 2:46 ` Bill Huey
2005-02-03 14:20 ` Paul Davis
2005-02-03 20:19 ` Con Kolivas
2005-02-03 20:47 ` Ingo Molnar
2005-02-03 21:15 ` Paul Davis
2005-02-03 21:28 ` Ingo Molnar
2005-02-03 21:41 ` Paul Davis
2005-02-03 21:59 ` Ingo Molnar
2005-02-03 22:24 ` Paul Davis
2005-02-03 22:26 ` Ingo Molnar
2005-02-04 0:36 ` Tristan Wibberley
2005-02-03 21:48 ` Peter Williams [this message]
2005-02-04 16:41 ` Jack O'Quin
2005-02-04 21:38 ` Peter Williams
2005-02-03 21:41 ` Ingo Molnar
2005-02-03 23:01 ` Bill Huey
2005-02-11 21:27 ` Lee Revell
2005-02-02 21:54 ` Peter Williams
2005-02-02 23:03 ` Paul Davis
2005-02-02 23:46 ` Peter Williams
2005-02-03 1:13 ` Jack O'Quin
2005-02-03 3:10 ` Peter Williams
2005-02-03 3:56 ` Jack O'Quin
2005-02-03 21:36 ` Ingo Molnar
2005-02-04 0:35 ` Chris Wright
2005-02-04 17:21 ` Jack O'Quin
2005-02-03 2:54 ` Bill Huey
2005-02-03 3:25 ` Peter Williams
2005-02-02 11:37 ` Ingo Molnar
2005-02-02 16:01 ` Jack O'Quin
2005-02-02 18:59 ` Lee Revell
2005-02-02 19:31 ` Jack O'Quin
2005-02-02 20:29 ` Ingo Molnar
2005-02-02 22:45 ` Jack O'Quin
2005-02-02 20:17 ` Ingo Molnar
2005-01-27 20:01 ` Lee Revell
2005-01-28 6:38 ` Ingo Molnar
2005-01-28 8:09 ` Jack O'Quin
2005-01-28 8:08 ` Ingo Molnar
2005-01-28 8:35 ` Jack O'Quin
2005-01-28 8:40 ` Ingo Molnar
2005-01-28 9:01 ` Jack O'Quin
2005-01-28 9:11 ` Ingo Molnar
2005-01-29 0:44 ` Lee Revell
2005-01-28 9:51 ` Mike Galbraith
2005-01-28 22:16 ` Peter Williams
2005-01-28 22:19 ` Ingo Molnar
2005-01-29 7:02 ` Jack O'Quin
2005-01-31 22:29 ` Bill Davidsen
2005-02-01 0:39 ` Bill Huey
2005-01-25 5:16 ` [PATCH]sched: Isochronous class v2 for unprivileged soft rt scheduling Jack O'Quin
2005-01-25 15:09 ` Ingo Molnar
2005-01-23 20:48 ` Jack O'Quin
2005-01-23 22:57 ` Con Kolivas
2005-01-24 1:06 ` Jack O'Quin
2005-01-24 1:09 ` Con Kolivas
2005-01-24 4:45 ` Jack O'Quin
2005-01-24 4:53 ` Jack O'Quin
2005-01-24 6:28 ` Jack O'Quin
2005-01-24 6:35 ` Con Kolivas
2005-01-24 6:57 ` Jack O'Quin
2005-01-24 22:58 ` Con Kolivas
2005-01-25 3:55 ` Con Kolivas
2005-01-25 13:05 ` Con Kolivas
2005-01-25 14:38 ` Con Kolivas
2005-01-25 18:36 ` Jack O'Quin
2005-01-25 20:52 ` Rui Nuno Capela
2005-01-24 21:46 ` Con Kolivas
2005-01-23 7:38 ` Jack O'Quin
2005-01-23 7:41 ` Con Kolivas
2005-01-24 6:30 ` Jack O'Quin
2005-01-24 20:55 ` Ingo Molnar
2005-01-20 21:59 ` Peter Chubb
2005-01-21 0:30 ` Jack O'Quin
2005-01-22 14:06 ` Paul Davis
2005-01-20 17:49 ` ross
2005-01-20 19:07 ` Lee Revell
2005-01-20 23:17 ` Con Kolivas
2005-01-21 7:48 ` Ingo Molnar
2005-02-07 3:09 ` Werner Almesberger
2005-02-07 3:27 ` Jack O'Quin
2005-02-07 3:27 ` Con Kolivas
2005-01-20 9:06 ` Rui Nuno Capela
2005-01-20 17:09 ` Rui Nuno Capela
2005-01-20 19:32 ` Jack O'Quin
2005-01-21 9:18 ` Rui Nuno Capela
2005-01-21 16:23 ` Con Kolivas
2005-01-21 16:40 ` Jack O'Quin
2005-01-22 0:06 ` Con Kolivas
2005-01-22 6:18 ` Jack O'Quin
2005-01-22 6:19 ` Con Kolivas
2005-01-22 6:48 ` Con Kolivas
2005-01-22 6:50 ` Con Kolivas
2005-01-22 7:09 ` Con Kolivas
2005-01-22 20:22 ` Jack O'Quin
2005-01-23 1:02 ` Con Kolivas
2005-01-23 3:02 ` Jack O'Quin
2005-01-23 4:29 ` Con Kolivas
2005-01-23 4:46 ` Jack O'Quin
2005-01-23 4:50 ` Con Kolivas
2005-01-23 7:37 ` Mike Galbraith
2005-01-23 13:57 ` Paul Davis
2005-01-23 1:31 ` Con Kolivas
2005-01-23 1:41 ` Paul Davis
2005-01-23 1:56 ` Con Kolivas
2005-01-23 4:50 ` Jack O'Quin
2005-01-21 23:30 ` utz lehmann
2005-01-21 23:48 ` Con Kolivas
2005-01-22 0:28 ` utz lehmann
2005-01-22 3:52 ` Con Kolivas
2005-01-22 6:15 ` Jack O'Quin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42029C23.1000300@bigpond.net.au \
--to=pwil3058@bigpond.net.au \
--cc=akpm@osdl.org \
--cc=alexn@dsv.su.se \
--cc=arjanv@redhat.com \
--cc=bhuey@lnxw.com \
--cc=chrisw@osdl.org \
--cc=ck@vds.kolivas.org \
--cc=joq@io.com \
--cc=kernel@kolivas.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=nickpiggin@yahoo.com.au \
--cc=paul@linuxaudiosystems.com \
--cc=rlrevell@joe-job.com \
--cc=rncbc@rncbc.org \
--cc=utz@s2y4n2c.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).