On Fri, Feb 11, 2005 at 06:49:05PM +0100, Ingo Molnar wrote:
>
> * Matt Mackall <[EMAIL PROTECTED]> wrote:
> >
> > > Yes. There's also the whole soft limit thing.
>
> > > i'm curious, how does this 'per-app' rlimit thing work? If a user has
> > > jackd installed and runs it from X unprivileged, how does it get the
> > > elevated rlimit?
> >
> > It needs a setuid launcher. It would be nice to be able to elevate the
> > rlimits of running processes but the API doesn't exist yet.
>
> With a setuid launcher you need _zero_ kernel help to get SCHED_FIFO: if
> you have a launcher then already today it can just give SCHED_FIFO to
> jackd and be done with it!
I'm sure you know all this already but I'll spell it out so we're all clear:

a) rlimits are tracked per-process so they're fundamentally per-process
b) there are hard and soft limits, with soft always <= hard
c) only root can raise hard rlimits, but normal users can lower them
d) if a user owns a process, he can gain the privileges of that process by
   various means, so in the strict sense per-process privileges are
   meaningless - all privileges are per-uid
e) so we either need to segregate all privileged processes into separate uid
   domains
f) or we're assuming non-malicious users and soft limits are sufficient.

Now I suspect we don't want to insist people do (e) (though I'd certainly
encourage them to try).

Don't forget that the rlimits approach allows us to reserve the highest
priorities for root. I'm pretty sure an effective watchdog policy can thus be
implemented in userspace, which RT-LSM can't really offer.

-- 
Mathematics is the supreme nostalgia of our time.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
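Points (a) through (c) above are kernel rules that are easy to observe directly. The program below is an added illustration, not code from this thread or from the kernel tree; it exercises each rule with getrlimit()/setrlimit() on Linux. It uses RLIMIT_NOFILE rather than an RT-priority rlimit (which did not exist at the time of this exchange) because an unprivileged process normally has a finite, non-zero hard NOFILE limit that can be lowered and then tested for re-raising. Each experiment runs in a forked child so that its irreversible changes (lowering a hard limit) cannot leak into the next one; the return codes 200 and 201 are arbitrary markers chosen here for failures of the demonstration itself.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set both limits of `resource`; return 0 on success, otherwise errno. */
static int set_limits(int resource, rlim_t soft, rlim_t hard)
{
    struct rlimit rl = { .rlim_cur = soft, .rlim_max = hard };
    return setrlimit(resource, &rl) == 0 ? 0 : errno;
}

/* Run fn() in a forked child and return its exit status. The child starts
 * with a copy of the parent's rlimits, so whatever fn() does to them dies
 * with the child: point (a), rlimits are per process. */
static int in_child(int (*fn)(void))
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(fn() & 0xff);
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Point (b): the kernel refuses a soft limit above the hard limit.
 * Returns the errno setrlimit() reports (EINVAL on Linux). */
static int try_soft_above_hard(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return errno;
    /* Pick a finite hard limit that we can then exceed by one. */
    rlim_t hard = rl.rlim_max > 1024 ? 1024 : rl.rlim_max;
    rlim_t soft = rl.rlim_cur < hard ? rl.rlim_cur : hard;
    int rc = set_limits(RLIMIT_NOFILE, soft, hard);   /* lowering: always allowed */
    if (rc != 0)
        return rc;
    return set_limits(RLIMIT_NOFILE, hard + 1, hard); /* soft > hard: rejected */
}

/* Point (c): any user may lower the hard limit, but raising it again needs
 * CAP_SYS_RESOURCE (root, unless the capability has been dropped).
 * Returns 0 if the raise succeeded, EPERM if it was refused; 200 and 201
 * (constructed markers) flag a failure of the demonstration itself. */
static int try_lower_then_raise_hard(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return errno;
    rlim_t low = rl.rlim_max > 256 ? 256 : rl.rlim_max / 2;
    if (set_limits(RLIMIT_NOFILE, low, low) != 0)
        return 200;                             /* lowering must always work */
    int rc = set_limits(RLIMIT_NOFILE, low, low + 1);   /* raise hard by one */
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return errno;
    /* Whatever the verdict, the readback must agree with it. */
    if (rl.rlim_max != (rc == 0 ? low + 1 : low))
        return 201;
    return rc;
}

/* Helper for point (a): lower our own soft limit; 0 on success. */
static int lower_own_soft(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return errno;
    return set_limits(RLIMIT_NOFILE, rl.rlim_cur / 2, rl.rlim_max);
}

/* Point (a): a child lowering its limits leaves the parent untouched.
 * Returns 1 if the parent's soft/hard pair is unchanged afterwards. */
static int child_change_stays_local(void)
{
    struct rlimit before, after;
    if (getrlimit(RLIMIT_NOFILE, &before) != 0)
        return 0;
    if (in_child(lower_own_soft) != 0)
        return 0;
    if (getrlimit(RLIMIT_NOFILE, &after) != 0)
        return 0;
    return before.rlim_cur == after.rlim_cur && before.rlim_max == after.rlim_max;
}

int main(void)
{
    printf("soft > hard           -> errno %d (EINVAL is %d)\n",
           in_child(try_soft_above_hard), EINVAL);
    printf("lower then raise hard -> %d (0 = raised, EPERM is %d)\n",
           in_child(try_lower_then_raise_hard), EPERM);
    printf("child change is local -> %d\n", child_change_stays_local());
    return 0;
}
```

Run it twice, once as an ordinary user and once as root with CAP_SYS_RESOURCE: the first experiment returns EINVAL either way, the second returns EPERM for the user and 0 for root, and the third always returns 1. That third result is the mechanism behind the setuid launcher Ingo describes: because limits are copied at fork and inherited across exec, a privileged launcher can raise them (or call sched_setscheduler()) and then drop to the user's uid before exec'ing jackd, with no further kernel help. What it cannot do is change the limits of a process that is already running, and once the launched process belongs to the user, point (d) applies to it.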