At Fri, 26 Nov 2010 20:06:13 +0100 (CET), Michael Foerster wrote:
On Fri, 26 Nov 2010, Dave Plater wrote:
On 11/26/2010 07:25 PM, Michael Foerster wrote:
<snip> A suid/filecap-wrapper in /usr/bin to start jack as a normal user with the needed rights/prio/scheduling, and the daemon itself residing in /usr/sbin would be the most universally secure and practicable solution in my eyes.
ATM you have to ask or look at jack faqs to get jack to work in all the distros afaik. I'm making an effort to try and change that. I like the man page idea and I will try to put some info in there, it will be good sed practice for me. A wrapper isn't really an option as jack is normally started by the application that uses it. An experienced user that starts jack and sets up connections wouldn't need to know about how to grant jack real time rights.
The question is how does an application start jack. If the application is started as a normal user there's no /sbin/ nor /usr/sbin/ in the path so the wrapper in /usr/bin would be used to start the real jackd binary with the needed rights. If the app calls /usr/sbin/jackd directly, the better approach would be to move the jackd binary to /usr/sbin/jackd-bin and install or symlink the wrapper as /usr/sbin/jackd in addition to /usr/bin/jackd. That would handle both cases.
The real question is what can be done to 'automatize' the needed right-granting without the need to patch any other app.
Another question is this scenario: If one grants the rights in /etc/security/limits.conf to the audio group, and the user is a member of this group, and the audio-app and jackd are installed as group audio, what rights / prio / scheduling will any other app have? E.g. Firefox with Flash, which also uses audio-out?
Do we open up a security hole?
The proper limits.conf provides only a limited resource for RT and memory-lock, thus in general, this shouldn't result in a complete system-down. But, this gives far more rights than normal, so anything weird could be triggered, in theory, yes. The limits.conf solution is pretty easy, but it's not fine-grained enough. So, no distros (except for audio-specific ones) want to set it as default.

Takashi
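
Added example, not part of the thread and not code from jack or pam_limits: a simplified model of how limits.conf entries are matched, illustrating the "not fine-grained enough" point above. A grant to a group applies to every process in a member's session, whichever program runs. The sample file contents, user and group names and all function names are constructed for illustration, and the soft/hard distinction is ignored.

```python
# Simplified model of limits.conf domain matching (assumption: user, @group and *
# domains only; soft/hard types are merged). Sample data below is constructed.
SAMPLE_LIMITS_CONF = """\
# <domain> <type> <item> <value>
*        -  rtprio   0
@audio   -  rtprio   70
@audio   -  memlock  262144
"""

# Lower number wins: individual entries beat group entries, which beat "*".
PRIORITY = {"user": 0, "group": 1, "all": 2}


def parse(text):
    """Yield (domain, type, item, value) tuples, skipping comments and bad lines."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) == 4:
            yield tuple(fields)


def match(domain, user, groups):
    """Return which kind of entry this is for the user, or None if it does not apply."""
    if domain == "*":
        return "all"
    if domain.startswith("@"):
        return "group" if domain[1:] in groups else None
    return "user" if domain == user else None


def effective_limits(text, user, groups):
    """Return {item: value} applied to the user's whole login session."""
    best = {}
    for domain, _type, item, value in parse(text):
        kind = match(domain, user, groups)
        if kind is None:
            continue
        if item not in best or PRIORITY[kind] <= best[item][0]:
            best[item] = (PRIORITY[kind], value)
    return {item: value for item, (_prio, value) in best.items()}


def limits_for_program(text, user, groups, program):
    """'program' is deliberately unused: the file format has no per-executable field."""
    return effective_limits(text, user, groups)
```
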