[arch-dev-public] Realtime group and possible helper package

[Jan Alexander Steffens]

On Wed, Nov 12, 2014 at 9:14 AM, Rashif Ray Rahman <schiv at archlinux.org> wrote:
> I am looking to provide support for a 'realtime' group, for use with
> not just audio/video but any other/future applications of real-time.
>
> The 'audio' group will "remain" for backward compatibility,
> indefinitely. I can therefore either create the new group or users
> have to do it.
>
> If I choose to create the group then I'd have to do it from within a
> package since multiple other packages are affected (jack*).
>
> --[ background ]--
> Historically, the audio group for real-time multimedia has served two purposes:
>
> 1. Permissions for real-time scheduling (i.e. PAM)
> 2. Permissions for device access (e.g. FireWire, RTC, HPET)
>
> This new group relates mostly to (1). In the event the 'audio' group
> proves to be a problem for devices, the new group can be used.
>
> This means that a jack user will be in both the 'audio' and 'realtime'
> groups in this new scheme.
> --[ background ]--
>
> If nobody objects I'll go ahead and create a new package that creates
> the new group and configures the relevant permissions.

The approach of handing out real-time permissions via group or even to
individual users isn't secure, as even the minimum RT priority of 1
can be used to DOS the system. We really want something else for
future applications. Perhaps we can push systemd into adding a TODO to
gain something similar to realtimekit for use by both applications and
systemd user services.