[arch-dev-public] Realtime group and possible helper package
Rashif Ray Rahman
schiv at archlinux.org
Wed Nov 12 12:41:30 UTC 2014
On 12 November 2014 14:29, Gaetan Bisson <bisson at archlinux.org> wrote:
> What would this package provide? If it's only a group, then shouldn't
> this simply be part of filesystem?
It would provide a group that has security implications, apply pam
limits, and some udev perms. I only mentioned a helper package to
minimize unwanted intervention, also limiting the security risk to a
niche group of users.
> In addition, could you give a list of all packages you expect to use
> this new realtime group (particularly those that do not fit the current
> audio/video groups)?
The current application for real-time scheduling is only multimedia,
so only the following packages are involved:
The pam security limits are set per package here, and udev rules are
added for real-time timer devices. Until systemd/pulseaudio there was
no problem with this setup (i.e. the audio group).
Other distros usually just let their users go through the necessary
hoops.  I personally never saw the reason to be that pedantic so I
began incorporating those hoops into the jack packages some time ago.
TL;DR: I can choose to provide a new group or let users manage this
themselves. If I do create a group for them, it must be from within an
existing or a new (meta) package. An existing package implies a
greater security risk.
(see "Access to realtime scheduling")
GPG/PGP ID: C0711BF1
More information about the arch-dev-public