On Fri, 08 Apr 2005 13:29:56 -0500, Robert Shearman wrote:
wineserver would need to be a setuid program but it could set CAP_SYS_NICE at startup and immediately reduce its privileges back to normal.
There are a number of problems:
- I don't think that will work yet as the server process needs to have the same user ID as the client processes.
You can distinguish between the "user id" and "effective user id" in POSIX. I don't remember the details but a suid binary can almost be two users at once.
- setuid binaries make sysadmins nervous and would require a security audit by us. Yes, they don't need to make it setuid, but then the people who do could run their programs as root anyway.
Presumably only the code up until the point at which we drop privs needs to be audited though. Suid root binaries that drop privs are pretty common.
- setuid programs are a nasty hack that work around limitations in the granularity of security in the kernel.
We could use SELinux to achieve the same effect, but it's less widely deployed and understood.
- This approach won't generalize for other apps on the system that might want to control the relative priority of their threads, such as MPlayer.
*shrug* That's what SELinux is for. Why do we care about MPlayer in this specific instance?
thanks -mike
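
The startup sequence discussed in this message (a setuid-root binary that keeps CAP_SYS_NICE and returns to the invoking user's IDs), sketched as an added example; it is not Wine code and not part of the original thread. It assumes Linux, and `drop_privs_keep_nice` and `keep_only_sys_nice` are hypothetical names; when the process is not setuid-root the capability steps are skipped and only the ID reset runs.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Shrink permitted and effective capability sets to CAP_SYS_NICE alone. */
static int keep_only_sys_nice(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };

    data[0].permitted = data[0].effective = 1u << CAP_SYS_NICE;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Hypothetical helper: returns 0 on success, -1 if any step fails. */
int drop_privs_keep_nice(void)
{
    uid_t ruid = getuid();   /* the user who launched the binary */
    gid_t rgid = getgid();
    int suid_root = (geteuid() == 0 && ruid != 0);

    /* Without this, the uid change below would clear every capability. */
    if (suid_root && prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    /* Group first, then user: real, effective and saved ids all change,
       so no saved id is left to switch back to. */
    if (setresgid(rgid, rgid, rgid) != 0 || setresuid(ruid, ruid, ruid) != 0)
        return -1;
    if (suid_root) {
        if (keep_only_sys_nice() != 0)
            return -1;
        if (setuid(0) == 0)  /* regaining root must now fail */
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_privs_keep_nice() != 0) {
        perror("drop_privs_keep_nice");
        return 1;
    }
    printf("uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Everything that runs before `drop_privs_keep_nice()` returns executes with root's effective UID, which is the portion the message says would need auditing.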