On Wed, Nov 12, 2014 at 9:14 AM, Rashif Ray Rahman <schiv@archlinux.org> wrote:
I am looking to provide support for a 'realtime' group, for use with not just audio/video but any other/future applications of real-time.
The 'audio' group will "remain" for backward compatibility, indefinitely. I can therefore either create the new group or users have to do it.
If I choose to create the group then I'd have to do it from within a package since multiple other packages are affected (jack*).
--[ background ]-- Historically, the audio group for real-time multimedia has served two purposes:
1. Permissions for real-time scheduling (i.e. PAM) 2. Permissions for device access (e.g. FireWire, RTC, HPET)
This new group relates mostly to (1). In the event the 'audio' group proves to be a problem for devices, the new group can be used.
This means that a jack user will be in both the 'audio' and 'realtime' groups in this new scheme. --[ background ]--
If nobody objects I'll go ahead and create a new package that creates the new group and configures the relevant permissions.
The approach of handing out real-time permissions via group or even to individual users isn't secure, as even the minimum RT priority of 1 can be used to DOS the system. We really want something else for future applications. Perhaps we can push systemd into adding a TODO to gain something similar to realtimekit for use by both applications and systemd user services.