Am Mittwoch, 11. Januar 2017 14:20 CET, Felipe Ferreri Tonello <e...@felipetonello.com> schrieb: > Hi Ralf, > > On 11/01/17 12:52, Ralf Mattes wrote: > > > > Am Mittwoch, 11. Januar 2017 13:21 CET, Felipe Ferreri Tonello > > <e...@felipetonello.com> schrieb: > > > >> Hi Ralf, > >> > >> On 03/01/17 21:37, Ralf Mattes wrote: > >>> > >>> Am Dienstag, 03. Januar 2017 19:31 CET, Felipe Ferreri Tonello > >>> <e...@felipetonello.com> schrieb: > >>> > >>> > >>>> If sched_setscheduler() returns -1, check if errno is set to EPERM. In > >>>> this case the user trying to perform this operation does not have > >>>> CAP_SYS_NICE[1] capability, which is *required*. > >>>> > >>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html > >>>> > >>>> If you want this type of feature, set CAP_SYS_NICE to the group audio > >>>> that you are referring. > >>> > >>> ??? How can I grant capabilities to a group? I thought capabilites where > >>> either given to > >>> a user (via /etc/security/capability.conf) or to a binary (by means of > >>> setcap). > >> > >> AFAIK, pam_cap support users and groups. > > > > Not according to my local manpages (pam_cap(8) 09/23/2011 and > > CAPABILITY.CONF(5) -- 09/23/2011). > > Do you have any y reference for your information? > > I never tested, but try out based on this reference[1] paragraph 2.2.
Yes, but that paragraph seems to be simply wrong. And the code you link to in [3] clearly shows that. > Apparently there are two implementations for pam_cap. One supports the > other doesn't. No. That's wrong. pam_cap doesn't support caps by group, your second link points the pam_capability module. IIRC that was only ever available in OpenSuse. The git log (single line ...) of that repository doesn't really make me want to integrate it into a seccurity service. Cheers, RalfD > > [1] > http://blog.sevagas.com/?Linux-security-using-a-limited-group-PAM-modules > [2] https://github.com/ekline/pamcap/blob/master/pam_capability.c > [3] https://github.com/pexip/os-libcap2/blob/master/pam_cap/pam_cap.c > > Good luck. > > -- > Felipe _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/listinfo/linux-audio-dev
