diff options
| author |   Armando Di Cianno <fafhrd@gentoo.org> | 2004-10-23 05:31:00 +0000 |
|---|---|---|
| committer | Armando Di Cianno <fafhrd@gentoo.org> | 2004-10-23 05:31:00 +0000 |
| commit | d4998f72c023060975f99bd3fec54b117e2b0e1e (patch) | |
| tree | 418dc242922c584e04f414816287c2a8f8968d36 /sys-apps/realtime-lsm/metadata.xml | |
| parent | Removing macos keywords. (diff) | |
| download | gentoo-2-d4998f72c023060975f99bd3fec54b117e2b0e1e.tar.gz gentoo-2-d4998f72c023060975f99bd3fec54b117e2b0e1e.tar.bz2 gentoo-2-d4998f72c023060975f99bd3fec54b117e2b0e1e.zip | |
Original package import of realtime-lsm: Linux security module used to authorize realtime capabilties without kernel hackery; requires SELinux configuration in kernel.
Diffstat (limited to 'sys-apps/realtime-lsm/metadata.xml')
| -rw-r--r-- | sys-apps/realtime-lsm/metadata.xml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/sys-apps/realtime-lsm/metadata.xml b/sys-apps/realtime-lsm/metadata.xml new file mode 100644 index 000000000000..82797fcc0da4 --- /dev/null +++ b/sys-apps/realtime-lsm/metadata.xml @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>no-herd</herd> +<maintainer> + <email>fafhrd@gentoo.org</email> + <description>My main herd is gnustep, and I'm developing audio backends for that; I use jack-audio-connection-kit heavily, and this module makes its realtime capability use quite straight-forward w/o kernel hackery.</description> +</maintainer> +<longdescription> +Realtime Linux Security Module + +This Linux Security Module (LSM) enables realtime capabilities. + +Options: + +# modprobe realtime any=1 + +Any program can request realtime privileges. This allows any local +user to crash the system by hogging the CPU in a tight loop or +locking down too much memory. But, it is simple to administer. :-) + +# modprobe realtime gid=29 + +All users belonging to group 29 and programs that are setgid to that +group have realtime privileges. Use any group number you like. + +# modprobe realtime mlock=0 + +Grants realtime scheduling privileges without the ability to lock +memory using mlock() or mlockall() system calls. This option can be +used in conjunction with any of the other options. + +# modprobe realtime allcaps=1 + +Enables all capabilities, including CAP_SETPCAP. This is equivalent +to the 2.4 kernel capabilities patch. It is needed for root +programs to assign realtime capabilities to other processes. This +option can be used in conjunction with any of the other options. + +The JACK Audio Connection Kit (jackit.sourceforge.net) includes a +jackstart program which uses CAP_SETPCAP to run the JACK daemon +and its clients with realtime capabilities. +</longdescription> +</pkgmetadata> |