On 5/24/06, Lee Revell <rlrevell@xxxxxxxxxxx> wrote:
On Wed, 2006-05-24 at 19:08 +0100, Rui Nuno Capela wrote: > Jack O'Quin wrote: > > > > The required components are now available, and are being provided > > by a few leading-edge distributions. Had you installed Ubuntu Dapper > > Drake (which is not yet officially released), you would not have seen > > any problem. They chose to include the PAM patches and authorize > > all users to start realtime threads be default. That is a reasonable > > choice for them (given their goals), but would not be appropriate for > > most other distributions. > > > > OpenSUSE 10.1, which has been officially released a couple of weeks ago, > also is PAM ready. However, it's not OOTB. You'll have to add the > relevant entries to /etc/security/limits.conf, like for example these > ones where realtime capabilities are given only to users who belong to > the "audio" group: > > @audio - rtprio 90 > @audio - nice -10 > @audio - memlock 4000000 Ubuntu does not have these lines OOTB, you also have to add them. No distro with a "secure by default" policy could enable this out of the box as it allows non-root users to lock up the machine.
Dapper came up "insecure by default" for me. Knowing about this stuff, I added something similar, restricting access to group "audio". I figured they had done it intentionally (so things would "just work"). Maybe they consider it a bug and have "fixed" it? -- joq
