[arch-proaudio] package gcr breaks real-time settings
Fons Adriaensen
fons at linuxaudio.org
Sun Sep 2 14:55:49 UTC 2018
On Sun, Sep 02, 2018 at 01:59:46PM +0200, David Runge wrote:
> .... The use of the plain /etc/security/limits.conf
> is discouraged over the use of drop-in files in /etc/security/limits.d
> anyways! Please use those!
Well, I have mixed feelings about these 'drop-in' directories which
seem to pop up everywhere. They may be very convenient for 'vendors'
(the one who introduced that concept to Linux should be shot) but
they are are a security nightmare for the local admin. Instead of
having to check one file which defines some policy, you now have
to check a whole collection every time some 'vendor' could have
'dropped' something. Somehow this reminds me of dogs.
Take systemd's logind. You have to verify a config file and *three*
directories in order to have any idea of how things are configured
in the end. And oh, yes, you can override everything in /etc. But
that effectively means you need to opt out of whatever some 'vendor'
pushes down your throat. Not once, but everytime you update.
Re. this 'realtime' group: I don't like that either. Groups define
a set of users with common needs. So *all* features or permissions
that members of a group need should be made dependent on being a
member of that group and nothing else. This is entirely the opposite
of defining groups for one particular feature such as real time and
then requiring users to be a member of all of them.
For what it's worth, I noticed that after upgrading to kernel 4.18
I had to increase the memlock limit to avoid error messages almost
all audio applications.
Ciao,
--
FA
More information about the arch-proaudio
mailing list