From: Chris Wright <chrisw@osdl.org>
To: Lee Revell <rlrevell@joe-job.com>
Cc: Chris Wright <chrisw@osdl.org>, "Jack O'Quin" <joq@io.com>,
Jody McIntyre <realtime-lsm@modernduck.com>,
linux-kernel <linux-kernel@vger.kernel.org>,
torbenh@gmx.de
Subject: Re: [PATCH] Realtime LSM
Date: Fri, 1 Oct 2004 15:44:10 -0700
Message-ID: <20041001154410.M1924@build.pdx.osdl.net>
In-Reply-To: <1096669977.27818.35.camel@krustophenia.net>; from rlrevell@joe-job.com on Fri, Oct 01, 2004 at 06:32:59PM -0400

* Lee Revell (rlrevell@joe-job.com) wrote:
> On Fri, 2004-10-01 at 18:27, Chris Wright wrote:
> > I agree with that. That's not my objection. It's about pushing code
> > (albeit it's small and non-invasive) into the kernel that can be done in
> > userspace, that's all.
>
> How do you envision this working? I am sure it's possible, I think I am
> just not seeing how it would be different in practice.

As of now, the only practical part to move out is just that tiny
mlock bit. Using pam_limits seems the best choice there. This burdens
the audio folks with a documentation task (describing not only how
to turn this rlimits feature on properly, although that'd be welcome
since the docs in that area are lacking, but also doc for the module
re: SCHED_FIFO). A general solution is pam_cap, and making capabilities
inherit in a sane way (Andy L. and I have code to move in that direction).
One step shy of that is to extend what you've done across the capability
set, so that it could solve problems similar to yours but with different
cap requirements. Pushing more bits into rlimits is possible as well,
but could get unruly.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net