Re: [PATCH] [request for inclusion] Realtime LSM

From: Chris Wright
Date: Tue Jan 04 2005 - 20:54:59 EST


* Alan Cox (alan@xxxxxxxxxxxxxxxxxxx) wrote:
> On Maw, 2005-01-04 at 18:59, Lee Revell wrote:
> > We could do it the way OSX (our real competition) does if that would
> > make people happy. They just let any user run RT tasks. Oh wait, but
> > that's a "broken design", everyone knows that OSX is a joke, no one
> > would use *that* OS to mix a CD or score a movie. :-)
>
> You can do that already, just make everyone root
>
> The problem with uid/gid based hacks is that they get really ugly to
> administer really fast. Especially once you have users who need realtime
> and hugetlb, and users who need one only.

I don't believe the hugetlb gid stuff is useful anymore. It should be
handled nicely via rlimits.

> It would be far cleaner to split CAP_SYS_NICE capability down - which
> should cover the real time OS functions nicely. Right now it gives a few
> too many rights but that could be fixed easily.

Hmm, how do we do this w/out breaking things? Maybe I'm misunderstanding
your idea.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net