[PD] Re: gentoo realtime-lsm for pd+jack realtime?

Frank Barknecht fbar at footils.org
Tue Dec 28 20:24:47 CET 2004


Hello,
chun lee wrote:

> Hi derek:
> 
> Thanks for the reply;)
> 
> > First: yes, ALSA wants to be modules. Always. You can either compile the
> > built-in ALSA as modules, or emerge the alsa-driver package.
> 
> Argh, I have ALSA compiled not as modules, I will compile it again and see
> what happens. 

Is this really necessary? Although it is more convenient to have ALSA
as modules (and everyone does it) it should not affect the realtime
module, as this is not dealing with ALSA at all. Of course ALSA should
work for Jack to work.

However the kernel modules for LSM must be modules for jackd to work,
like: 

$ ls /lib/modules/2.6.9/kernel/security/
capability.ko  commoncap.ko realtime.ko

Beware though that there is a newly discovered security flaw in the
LSM modules:

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-12/0390.html

Bottom line: Loading the LSM modules will give all already running
processes root capabilities. A cracker's dream!!!

I *think* that loading the modules very early in the boot process
could prevent that as a quick fix, however the above mentioned patch
is the cleaner solution.

Ciao
-- 
 Frank Barknecht                               _ ______footils.org__
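
An added example, not part of the original message or of any project mentioned in it: a defensive audit for the effect described above, listing processes that run with a non-root effective UID yet hold effective capabilities. It assumes the flaw shows up as a non-zero `CapEff` field in `/proc/<pid>/status`; the sample tree, PIDs, process names and capability masks are constructed for illustration.

```python
import glob
import os
import tempfile

def parse_status(text):
    """Return (name, effective_uid, effective_caps) from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    euid = int(fields["Uid"].split()[1])   # Uid: real effective saved fs
    cap_eff = int(fields["CapEff"], 16)    # hex bitmask of effective capabilities
    return fields.get("Name", "?"), euid, cap_eff

def audit(proc_root="/proc"):
    """Return sorted (pid, name, euid, cap_eff) for non-root processes with CapEff != 0."""
    findings = []
    for path in glob.glob(os.path.join(proc_root, "[0-9]*", "status")):
        try:
            pid = int(os.path.basename(os.path.dirname(path)))
            with open(path) as fh:
                name, euid, cap_eff = parse_status(fh.read())
        except (OSError, KeyError, ValueError, IndexError):
            continue  # process exited mid-scan, or expected fields are missing
        if euid != 0 and cap_eff != 0:
            findings.append((pid, name, euid, cap_eff))
    return sorted(findings)

def build_sample_proc(root):
    """Write a constructed /proc-like tree: (name, euid, CapEff) per PID."""
    samples = {1: ("init", 0, "fffffeff"),
               412: ("jackd", 1000, "00000000"),
               733: ("pd", 1000, "fffffeff")}
    for pid, (name, uid, caps) in samples.items():
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write(f"Name:\t{name}\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n"
                     f"CapInh:\t00000000\nCapPrm:\t{caps}\nCapEff:\t{caps}\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for pid, name, euid, caps in audit(build_sample_proc(tmp)):
            print(f"pid={pid} name={name} euid={euid} CapEff={caps:08x}")
```

Calling `audit()` with no argument scans the live `/proc`; on a system where capabilities are granted deliberately, each finding needs review rather than being treated as proof of the flaw.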



