On Wed, 16.01.08 12:48, David Kågedal (davidk at lysator.liu.se) wrote:

> >     if (suid_root) {
> >         /* Drop all capabilities except CAP_SYS_NICE */
> >         pa_limit_caps();
>
> But setrlimit(2) says that it wants CAP_SYS_RESOURCE.

It requires so only for increasing the resource limits, not for
decreasing them.

> >     pa_log_set_maximal_level(conf->log_level);
> >     pa_log_set_target(conf->auto_log_target ? PA_LOG_STDERR : conf->log_target, NULL);
> >
> >     if (suid_root) {
> >         /* Ok, we're suid root, so let's better not enable high prio
> >          * or RT by default */
>
> So now the commented-out default value in daemon.conf is no longer
> correct? So I give --high-priority=yes just to be sure.

This section makes sure that you only get rt/hp sched if your admin
allowed you to. The admin can allow this either via Polkit or by
adding you to the pulse-rt group. If neither is the case, then you
will not get rt/hp sched, regardless of what you configured in your
configuration file. It's that simple.

> This is the non-suid case.
>
> >         /* OK, we're a normal user, so let's allow the user everything
> >          * he asks for, it's now the kernel's job to enforce limits,
> >          * not ours anymore */
> >         allow_high_priority = allow_realtime = TRUE;
> >     }
> >
> >     if (conf->high_priority && !allow_high_priority) {
> >         pa_log_info("High-priority scheduling enabled in configuration but now allowed by policy. Disabling forcibly.");
> >         conf->high_priority = FALSE;
> >     }
> >
> >     if (conf->realtime_scheduling && !allow_realtime) {
> >         pa_log_info("Real-time scheduling enabled in configuration but now allowed by policy. Disabling forcibly.");
> >         conf->realtime_scheduling = FALSE;
> >     }
> >
> >     if (conf->high_priority && conf->cmd == PA_CMD_DAEMON)
> >         pa_raise_priority(conf->nice_level);
>
> At this point, I get the following log message:
>
>   W: core-util.c: setpriority(): Permission denied
>
> I suspect that since the -11 nice value breaks a resource limit, we
> should have called setrlimit to change it before dropping
> CAP_SYS_RESOURCE.

Uh? We kept CAP_SYS_NICE. Which is all that is necessary to get high
priority scheduling. You don't need CAP_SYS_RESOURCE for this.

Lennart

--
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net         ICQ# 11060553
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
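
A diagnostic for the `setpriority(): Permission denied` warning discussed in the message above, as an added example that is not part of the original mail and not PulseAudio code: on Linux, lowering the nice value needs either CAP_SYS_NICE in the effective set or an RLIMIT_NICE soft limit of at least 20 minus the target. The helper names and the `CAP_NR_*` macros are this example's own.

```c
/* Added example, not PulseAudio code; all helper names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

#define CAP_NR_SYS_NICE     23  /* CAP_SYS_NICE in <linux/capability.h> */
#define CAP_NR_SYS_RESOURCE 24  /* CAP_SYS_RESOURCE */

/* Lowering the nice value is permitted if CAP_SYS_NICE is effective or the
 * target stays within the RLIMIT_NICE ceiling (20 - rlim_cur). Raising the
 * nice value is always permitted. CAP_SYS_RESOURCE plays no part. */
static int nice_allowed(int cur, int target, unsigned long long cap_eff,
                        unsigned long long rlim_nice) {
    if (target >= cur) return 1;
    if (cap_eff & (1ULL << CAP_NR_SYS_NICE)) return 1;
    return (unsigned long long)(20 - target) <= rlim_nice;
}

/* Effective capability mask of this process, from /proc/self/status. */
static int read_cap_eff(unsigned long long *out) {
    char line[256];
    int rc = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (rc < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", out) == 1) rc = 0;
    fclose(f);
    return rc;
}

int main(void) {
    unsigned long long cap = 0;
    struct rlimit rl;
    int cur, target = -11;  /* the nice level mentioned in the thread */
    if (read_cap_eff(&cap) < 0 || getrlimit(RLIMIT_NICE, &rl) < 0) return 1;
    errno = 0;
    cur = getpriority(PRIO_PROCESS, 0);
    if (cur == -1 && errno) return 1;
    printf("CAP_SYS_NICE=%d CAP_SYS_RESOURCE=%d RLIMIT_NICE=%llu nice=%d\n",
           (int)((cap >> CAP_NR_SYS_NICE) & 1), (int)((cap >> CAP_NR_SYS_RESOURCE) & 1),
           (unsigned long long)rl.rlim_cur, cur);
    printf("predicted: %s\n", nice_allowed(cur, target, cap, rl.rlim_cur) ? "allowed" : "EACCES");
    if (setpriority(PRIO_PROCESS, 0, target) < 0)
        printf("setpriority(%d): %s\n", target, strerror(errno));
    else
        printf("setpriority(%d): ok\n", target);
    return 0;
}
```

Run it at the point in a daemon's startup where the priority is raised, after capabilities have been dropped. A CAP_SYS_NICE bit held only inside a user namespace does not satisfy the kernel's check, so the prediction applies to processes in the initial namespace.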