Re: 2.5.74-mm1

Daniel Phillips (phillips@arcor.de)
Mon, 7 Jul 2003 14:24:06 +0200

On Monday 07 July 2003 12:00, Mel Gorman wrote:
> On Sun, 6 Jul 2003, Daniel Phillips wrote:
> > > > What are you going to do if you have one
> > > > application you want to take priority, re-nice the other 50?
> > >
> > > Is that effective? It might be just the trick.
> >
> > Point.
>
> Alternatively, how about using PAM to grant the CAP_SYS_NICE capability to
> known interactive users that require it. Presumably the number of users
> that require it is very small (in the case of the music player, only one)
> so it wouldn't be a major security issue.

And set up distros to grant it by default. Yes.

The problem I see is that it lets user space priorities invade the range of
priorities used by root processes. What's really needed is a range of
negative priorities available to normal users that are not normally used by
root.

In retrospect, the idea of renicing all the applications but the realtime one
doesn't work, because it doesn't take care of applications started
afterwards.

> There is something along these lines at http://www.pamcap.org but it
> requires some patching to the kernel (only available against 2.4.18
> currently) to inherit capabilities across exec and, from what I gather at
> a quick glance, to allow capabilities to be set for a process group.

Regards,

Daniel

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/