Hi Ralf,

On 11/01/17 14:25, Ralf Mattes wrote:
>
> On Wednesday, 11 January 2017 14:20 CET, Felipe Ferreri Tonello
> <e...@felipetonello.com> wrote:
>
>> Hi Ralf,
>>
>> On 11/01/17 12:52, Ralf Mattes wrote:
>>>
>>> On Wednesday, 11 January 2017 13:21 CET, Felipe Ferreri Tonello
>>> <e...@felipetonello.com> wrote:
>>>
>>>> Hi Ralf,
>>>>
>>>> On 03/01/17 21:37, Ralf Mattes wrote:
>>>>>
>>>>> On Tuesday, 03 January 2017 19:31 CET, Felipe Ferreri Tonello
>>>>> <e...@felipetonello.com> wrote:
>>>>>
>>>>>
>>>>>> If sched_setscheduler() returns -1, check if errno is set to EPERM. In
>>>>>> this case the user trying to perform this operation does not have
>>>>>> CAP_SYS_NICE[1] capability, which is *required*.
>>>>>>
>>>>>> [1] http://man7.org/linux/man-pages/man7/capabilities.7.html
>>>>>>
>>>>>> If you want this type of feature, set CAP_SYS_NICE to the group audio
>>>>>> that you are referring to.
>>>>>
>>>>> ??? How can I grant capabilities to a group? I thought capabilities were
>>>>> either given to a user (via /etc/security/capability.conf) or to a
>>>>> binary (by means of setcap).
>>>>
>>>> AFAIK, pam_cap supports users and groups.
>>>
>>> Not according to my local manpages (pam_cap(8) 09/23/2011 and
>>> CAPABILITY.CONF(5) -- 09/23/2011).
>>> Do you have any reference for your information?
>>
>> I never tested, but try out based on this reference[1] paragraph 2.2.
>
> Yes, but that paragraph seems to be simply wrong. And the code you link to
> in [3] clearly shows that.
>
>> Apparently there are two implementations for pam_cap. One supports it,
>> the other doesn't.
>
> No. That's wrong. pam_cap doesn't support caps by group, your second link
> points to the pam_capability module. IIRC that was only ever available in
> OpenSuse. The git log (single line ...) of that repository doesn't really
> make me want to integrate it into a security service.
>

If that feature is really important for you, you can always patch
pam_cap.c from libcap2. It seems like a nice feature to have, IMO.

-- 
Felipe
_______________________________________________
Linux-audio-dev mailing list
Linux-audio-dev@lists.linuxaudio.org
http://lists.linuxaudio.org/listinfo/linux-audio-dev
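
The EPERM check discussed in the thread above, as an added example that is not code from either poster or from any project mentioned: it requests SCHED_FIFO and, on EPERM, reports whether CAP_SYS_NICE is in the process's effective set (read from /proc/self/status) along with the RLIMIT_RTPRIO soft limit, which Linux also consults for unprivileged callers (see sched(7)). The function names and the sample priority 10 are assumptions made for illustration.

```c
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

#define CAP_SYS_NICE_BIT 23 /* value of CAP_SYS_NICE in <linux/capability.h> */

/* 1 if CapEff in a /proc/<pid>/status text has CAP_SYS_NICE, 0 if not, -1 if no CapEff line. */
int status_has_sys_nice(const char *status)
{
    const char *p = strstr(status, "CapEff:");
    if (!p)
        return -1;
    return (int)((strtoull(p + 7, NULL, 16) >> CAP_SYS_NICE_BIT) & 1);
}

/* Same check for the calling process. */
int self_has_sys_nice(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; /* NUL-terminate what was read */
    fclose(f);
    return status_has_sys_nice(buf);
}

/* Request SCHED_FIFO at prio: 0 on success, otherwise errno; EPERM is explained on stderr. */
int try_realtime(int prio)
{
    struct sched_param sp = { .sched_priority = prio };
    struct rlimit rl = { 0, 0 };
    if (sched_setscheduler(0, SCHED_FIFO, &sp) == 0)
        return 0;
    int err = errno; /* save before other calls can overwrite it */
    if (err == EPERM && getrlimit(RLIMIT_RTPRIO, &rl) == 0)
        fprintf(stderr, "EPERM: CAP_SYS_NICE effective=%d, RLIMIT_RTPRIO=%llu, wanted=%d\n",
                self_has_sys_nice(), (unsigned long long)rl.rlim_cur, prio);
    return err;
}

int main(void)
{
    int rc = try_realtime(10); /* 10 is a constructed sample priority */
    printf("SCHED_FIFO prio 10: %s\n", rc ? strerror(rc) : "ok");
    return rc != 0;
}
```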