
		    Realtime Linux Security Module

  Copyright (C) 2003 Torben Hohn
  Copyright (C) 2003, 2004 Jack O'Quin

This Linux Security Module (LSM) enables realtime capabilities.  It
was written by Torben Hohn and Jack O'Quin, who make no warranty
concerning the safety, security or even stability of your system when
using it.  It is provided under the provisions of the GPL (see the
file COPYING in this directory).

This LSM requires a 2.6 kernel.  It might work with a 2.4 kernel that
has the SELinux security hooks installed, but that has not been
tested.  

INSTALL gives a brief description of how to build and install this
program as a kernel module.

Once the LSM has been installed and the kernel for which it was built
is running, the root user can load it and pass parameters as follows:

  # modprobe realtime any=1

  Any program can request realtime privileges.  This allows any local
  user to crash the system by hogging the CPU in a tight loop or
  locking down too much memory.  But it is simple to administer.  :-)

  # modprobe realtime gid=29

  All users belonging to group 29 and programs that are setgid to that
  group have realtime privileges.  Use any group number you like.

  # modprobe realtime mlock=0

  Grants realtime scheduling privileges without the ability to lock
  memory using mlock() or mlockall() system calls.  This option can be
  used in conjunction with any of the other options.

  # modprobe realtime allcaps=1

  Enables all capabilities, including CAP_SETPCAP.  This is equivalent
  to the 2.4 kernel capabilities patch.  It is needed for root
  programs to assign realtime capabilities to other processes.  This
  option can be used in conjunction with any of the other options.

  The JACK Audio Connection Kit (jackit.sourceforge.net) includes a
  `jackstart' program which uses CAP_SETPCAP to run the JACK daemon
  and its clients with realtime capabilities.

  There are serious security exposures with CAP_SETPCAP.  If an
  attacker manages to subvert some system daemon running with root
  privileges, it can use this capability to deny needed privileges to
  other root processes.
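
A quick way to check what a given account actually receives after the module is loaded with the options above. This is an added example, not part of the realtime-lsm distribution; the file name rtprobe.c and the function names are made up for illustration. It assumes nothing else (such as an RLIMIT_RTPRIO or RLIMIT_MEMLOCK allowance on later kernels) grants the same access.

```c
/* rtprobe.c: added example, not part of the realtime-lsm distribution. */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Try SCHED_FIFO at its lowest priority, then restore the old policy.
 * Returns 0 on success, otherwise the errno value of the failed call. */
int probe_rt_sched(void)
{
    struct sched_param old, rt;
    int old_policy = sched_getscheduler(0);
    if (old_policy < 0 || sched_getparam(0, &old) < 0)
        return errno;
    memset(&rt, 0, sizeof rt);
    rt.sched_priority = sched_get_priority_min(SCHED_FIFO);
    if (sched_setscheduler(0, SCHED_FIFO, &rt) < 0)
        return errno;
    sched_setscheduler(0, old_policy, &old);
    return 0;
}

/* Try to lock the current address space, then unlock it again. */
int probe_mlock(void)
{
    if (mlockall(MCL_CURRENT) < 0)
        return errno;
    munlockall();
    return 0;
}

/* Map the two probe results onto the cases the module options describe. */
const char *classify(int sched_err, int mlock_err)
{
    if (sched_err != 0)
        return "no realtime scheduling privilege";
    if (mlock_err != 0)
        return "realtime scheduling only (as with mlock=0)";
    return "realtime scheduling and memory locking";
}

int main(void)
{
    int s = probe_rt_sched(), m = probe_mlock();
    printf("sched_setscheduler(SCHED_FIFO): %s\n", s ? strerror(s) : "ok");
    printf("mlockall(MCL_CURRENT): %s\n", m ? strerror(m) : "ok");
    printf("result: %s\n", classify(s, m));
    return s == 0 ? 0 : 1;
}
```

Run it once as a member of the gid= group and once as a non-member; with mlock=0 the member should get the scheduling-only result.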
