Hello!
To enable realtime scheduling the requesting process needs CAP_SYS_NICE.
Until now this meant running as root (and probably dropping all other
capabilities), either as root user, via a wrapper or with sudo [1].
Running as root initially is not preferable, but probably the most used
practice.
With Linux kernel 2.6.24, file capabilities were enabled [2]. This means
you can run your apps with predefined capabilities without unleashing
the whole set of powers at any time.
I managed to run ping without suid bit, and to run a minimal GNU Radio
script that simply enables realtime scheduling, but only with adding the
capability to the python interpreter. I did not manage to assign the
CAP_SYS_NICE capability to a script and run it so that enabling realtime
scheduling was successful. It seems that I got the capability
inheritance wrong or maybe it is not working at all and scripts cannot
be granted capabilities.
Did anyone have success until now with capabilities? I hope this will be
working out, as it would get us rid of running scripts as root.
Patrick
[1] http://thread.gmane.org/gmane.comp.gnu.radio.general/9789
[2] Seeing the world differently … – Say Hello, Wave Goodby
Engineers motto: cheap, good, fast: choose any two
Patrick S.
Student of Telematik, Techn. University Graz, Austria
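
A diagnostic for the situation described in the post, as an added example that is not part of the original message: it decodes the capability sets the kernel actually gave the running process from /proc/self/status and then attempts SCHED_FIFO. The helper names and the sample status text are constructed for illustration; bit 23 is CAP_SYS_NICE in linux/capability.h.

```python
import os

CAP_SYS_NICE = 23  # bit number of CAP_SYS_NICE in linux/capability.h

# Constructed sample of /proc/<pid>/status lines for a process whose binary
# carries only cap_sys_nice in its permitted and effective file capabilities.
SAMPLE_STATUS = (
    "Name:\tpython\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000800000\n"
    "CapEff:\t0000000000800000\n"
    "CapBnd:\t000001ffffffffff\n"
)

def parse_cap_sets(status_text):
    """Return {'CapInh': int, 'CapPrm': int, ...} parsed from status text."""
    sets = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key.startswith("Cap"):
            sets[key] = int(value.strip(), 16)
    return sets

def has_cap(sets, set_name, cap=CAP_SYS_NICE):
    """True if bit `cap` is set in the named capability set."""
    return bool((sets.get(set_name, 0) >> cap) & 1)

def report(status_text):
    """Say in which of the three process sets CAP_SYS_NICE is present."""
    sets = parse_cap_sets(status_text)
    return {name: has_cap(sets, name) for name in ("CapInh", "CapPrm", "CapEff")}

def try_realtime(priority=1):
    """Attempt SCHED_FIFO on this process; return (ok, exception_or_None)."""
    try:
        os.sched_setscheduler(0, os.SCHED_FIFO, os.sched_param(priority))
        return True, None
    except (AttributeError, OSError) as exc:  # PermissionError is an OSError
        return False, exc

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        print("CAP_SYS_NICE present:", report(fh.read()))
    print("SCHED_FIFO attempt:", try_realtime())
```

Running it once as an argument to the interpreter and once through the script's own `#!` line shows which file's capabilities the resulting process received.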