Ubuntu
rtkit package

[MIR] rtkit

Bug #396396 reported by Luke Yelavich
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rtkit (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR (i.e. realtime scheduling mode) on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes.

It will be used as a runtime dependency of pulseaudio to allow pulseaudio to get high priority for audio playback.

http://wiki.ubuntu.com/MainInclusionReportRtKit

 affects ubuntu/rtkit
 subscribe ubuntu-mir

Martin Pitt (pitti)
Changed in rtkit (Ubuntu):
assignee: nobody → Kees Cook (kees)
summary: - Main inclusion request for rtkit.
+ [MIR] rtkit
Revision history for this message
Kees Cook (kees) wrote :

CAP_SYS_PTRACE is extremely powerful, and seems to only be used for debugging (reporting which executable was made RT). I would prefer that CAP_SYS_PTRACE was not included in the capabilities for this daemon. I do like that is chroots itself, though.

Additionally, I would prefer that it drop privileges earlier -- it opens syslog, dbus, etc before dropping privs. Can priv-dropping be moved earlier?

Changed in rtkit (Ubuntu):
status: New → Incomplete
Revision history for this message
Luke Yelavich (themuso) wrote : Re: [Bug 396396] Re: [MIR] rtkit

Ok, removing CAP_SYS_PTRACE doesn't break anything when tested, the syslog simply does not contain any details about what process had what privileges dropped etc. As for dropping privileges earlier, it seems that so far as I have tested, this is not possible, due to rtkit requiring the system dbus socket:
rtkit-daemon[585]: Failed to connect to system bus: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

I am currently not able to see any other way that this can be worked around in the code. If someone else could take a peak and make a suggestion, I'd appreciate it.

Thanks

 affects ubuntu/rtkit
 status new

Changed in rtkit (Ubuntu):
status: Incomplete → New
Revision history for this message
Kees Cook (kees) wrote :

With CAP_SYS_PTRACE gone, I'll be happy with it. :) Once uploaded with that fixed, it's a +1 for me. Thanks!

Changed in rtkit (Ubuntu):
status: New → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote :

in component-mismatches, promoted

Changed in rtkit (Ubuntu):
assignee: Kees Cook (kees) → nobody
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.