[PlanetCCRMA] Fwd: jack2

Niels Mayer nielsmayer at gmail.com
Sun Apr 18 16:59:51 PDT 2010 

I was wondering what this message meant for CCRMA jack users. Currently I'm
at
jack-audio-connection-kit-1.9.4-1.fc12.ccrma.x86_64 ... is that considered
"jack2" ?? (I don't see a "jack2" package otherwise).

> Is there anyone who would object this change? Anyone not happy with jack2?

Not an objection, just a concern. Orcan's message included this, which
reminded me of a security issue I wanted to address:

... From: Adrian Knoth @ Debian:

> * Realtime permissions: our jackd package creates the file

   /etc/security/limits.d/audio.conf with the following content:


>    @audio   -  rtprio     95

   @audio   -  memlock    unlimited


CCRMA's jack-audio-connection-kit installs the following
in /etc/security/limits.conf

> ## Automatically appended by the Planet CCRMA jack-audio-connection-kit

* - rtprio 99

* - memlock 4194304

* - nice -10


Doesn't this mean (due to wildcards) that any app that asked for those privs
would get them? This seems like an unadvertized security ramification for
anybody that happened to install (not even use) jack-audio-connection-kit.

Isn't the proper Fedora/Linux/Un*x way to add users needing those privs to a
group like 'rtkit' 'jackuser' or 'audio' as is done in debian??

Per LIMITS.CONF(5):

>       The syntax of the lines is as follows:

       <domain> <type> <item> <value>

       The fields listed above should be filled as follows:

       <domain>

           ·   a username

           ·   a groupname, with @group syntax. This should not be confused

               with netgroups.

           ·   the wildcard *, for default entry.


The current settings make those limits the "default entry."  (I'm wondering
if some other process accidentally achieving too much realtime prio caused
the priority deadlock described here:
http://old.nabble.com/help-w--qjackctl-locks-up-X-GUI-(perhaps-caused-by-dbus-or-kernel-2.6.32.11-99.fc12.x86_64)-to28221239.html
 )

Niels
http://nielsmayer.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://ccrma-mail.stanford.edu/pipermail/planetccrma/attachments/20100418/466a002d/attachment.html

More information about the PlanetCCRMA mailing list