Re: [PATCH] Realtime LSM

[Lee Revell <rlrevell@joe-job.com>]

On Fri, 2004-10-08 at 17:21, Andrew Morton wrote:
> Lee Revell <rlrevell@joe-job.com> wrote:
> >
> > Here's an updated patch, only
> > difference is line numbers.
> 
> Nice patch.  Wanna tell me something about what it's for?
> 
> I haven't been following the "Realtime LSM" thread and I'd rather not have to
> prepare a description of your work for you.
> 

Oh, sorry.  Here's the description from my original post:

The realtime-lsm Linux Security Module, written by Torben Hohn and Jack
O'Quin, selectively grants realtime capabilities to specific user groups
or applications.  The typical use for this is low latency audio, and the
patch has been extensively field tested by Linux audio users.  The
realtime LSM is a major improvement in security over the 2.4 capablities
patch and other workarounds like jackstart, which rely on CAP_SETPCAP.

This has been extensively field tested, and undeniably satisfies a
demand (unlike some other LSMs posted lately).  Here is the the author's
more detailed explanation:

"We would never have developed this LSM had there not been a serious
need.  Audio developers have been struggling for years with the need
to apply specialized kernel patches to get acceptable realtime
operation.  Audio is very intolerant of realtime glitches.  They cause
nasty pops in the output.  And, large audio applications should not
run as `root'.  The 2.4 "capabilities patch" was never a satisfactory
solution.

Thanks to the good work being done on 2.6, we are now close to being
able to do serious realtime work with standard kernels available
everwhere.  The LSM framework is an important element of that
solution, with the realtime LSM a small but essential component,
because it makes these features available without excessive
administrative burden.  Many musicians have a Mac or Windows
background.  They are not willing to perform complex system
administration tasks to get good audio performance.  PAM is great for
sophisticated sysadmins on shared systems.  But, I seriously doubt
many musicians will be able to configure it correctly.  For a
single-user Digital Audio Workstation it is overkill.

So, even if you do provide a more general solution, I will probably
have to continue supporting the realtime-lsm interface throughout the
2.6 kernel life-cycle, as there will be enough users for it to be a
defacto standard.  If it is no longer needed in the 2.8 timeframe, I
can drop support then.

It's hard to say how many people use realtime-lsm right now.
SourceForge lists about 1500 source downloads over the last six
months.  Binary copies are included in the most popular audio-oriented
distributions, including Planet CCRMA and DeMuDi.  I guess there are
probably no more than a few thousand active users."

Lee