There are actually three ways to obtain root privileges for realtime. The first way is to use the "Realtime LSM" module, but this way is deprecated and should not be used nowadays. The second way is to use a small tool named set_rlimits. This way is OK, but it should only be used when the PAM library does not support "rlimits" operations. The third way is the right way: it consists of using PAM.
This way is not recommended.
The Realtime Linux Security Module (LSM) is a loadable extension for Linux 2.6 kernels. It selectively grants realtime permissions to specific user groups or applications.
First, retrieve the latest CVS version:

    $ cvs -d:pserver:anonymous@realtime-lsm.cvs.sourceforge.net:/cvsroot/realtime-lsm login
    $ cvs -z3 -d:pserver:anonymous@realtime-lsm.cvs.sourceforge.net:/cvsroot/realtime-lsm co -P realtime-lsm

Then apply the rt-lsm-kernel.patch kernel patch to your Linux kernel:

    $ cd /usr/src/linux/
    $ patch -p1 < ../realtime-lsm/rt-lsm-kernel.patch
    $ make menuconfig
    $ make
    $ su -c "make modules_install"
    $ su -c "make install"
Your kernel configuration section should look like the following:

    Security options --->
        [ ] Enable access key retention support
        [*] Enable different security models
        [ ]   Socket and Networking Security Hooks
        <M>   Default Linux Capabilities
        < >   Root Plug Support
        < >   BSD Secure Levels
        <M>   Realtime Capabilities
If you do not see the depends
option).
Reboot with your new kernel.
Do not forget to repeat this step every time you rebuild a new kernel.
Then, if you do not care about security, just run modprobe realtime any=1 to load the module and allow every user of your system to use it. If you want to allow only the audio group to access realtime capabilities, check that your current user is in the audio group and load the realtime module, passing it the gid of the group to allow and leaving out any=1 (which grants access to every user regardless of gid):

    # addgroup youruser audio
    # modprobe realtime gid=$(grep '^audio:' /etc/group | cut -d':' -f3)
If you want to load this module at boot time on Debian, do the following:
    $ su
    # echo "options realtime any=1" > /etc/modprobe.d/realtime
    # echo "realtime" >> /etc/modules
This way is not recommended.
set_rlimits is a small wrapper program that lets people take advantage of the realtime resource limit extensions available in Linux kernels 2.6.12 and later without having to resort to a PAM module. This method was OK when PAM did not support the kernel's rlimits operations.
Download it here.
First, edit the Makefile and change the PREFIX variable from /usr/local to /usr/bin. Then uncompress it, rebuild it and install it:

    $ make clean
    $ make
    $ su -c "make install"
Once it is installed, edit the /etc/set_rlimits.conf file and add the following line at the end:
@audio /usr/bin/qjackctl nice=-1 rtprio=80
Now you will be able to execute qjackctl (see Section 3.2) with all necessary privileges, and it will be able to execute jackd (see Section 3.1) with realtime privileges [1].
This is the right way :-)
PAM configuration is the better choice. Basically, it only consists of updating the PAM limits configuration in /etc/security/limits.conf[2] to fit your needs:

    @audio - rtprio 100
    @audio - nice -10
    @audio - memlock unlimited

This will allow all software executed by audio group members to access realtime scheduling and to lock memory without restriction.
Done!
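An added example (not part of the original page): a short Python check that the limits.conf entries above are actually in effect for the current login session, since pam_limits applies them when a session starts. The function names and the embedded sample configuration are constructed for illustration, and the value conversion is a simplified assumption about how pam_limits maps entries to kernel rlimits (nice stored as 20 - nice, memlock given in KB).

```python
import resource

# Constructed sample: the three entries from the limits.conf snippet above.
SAMPLE_CONF = """\
@audio - rtprio 100
@audio - nice -10
@audio - memlock unlimited
"""

RLIMITS = {"rtprio": resource.RLIMIT_RTPRIO, "nice": resource.RLIMIT_NICE,
           "memlock": resource.RLIMIT_MEMLOCK}

def to_kernel(item, value):
    """Simplified (assumed) conversion of a limits.conf value to the kernel's number."""
    if value == "unlimited":
        return resource.RLIM_INFINITY
    n = int(value)
    if item == "nice":       # the kernel stores RLIMIT_NICE as 20 - nice
        return 20 - max(-20, min(19, n))
    if item == "memlock":    # limits.conf counts KB, the kernel counts bytes
        return n * 1024
    return n

def expected_for(conf_text, domain):
    """Return {item: (soft, hard)} configured for `domain`; None means not set."""
    want = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4 and fields[0] == domain and fields[2] in RLIMITS:
            _, typ, item, value = fields
            soft, hard = want.get(item, (None, None))
            v = to_kernel(item, value)
            if typ in ("-", "soft"):   # "-" sets both soft and hard
                soft = v
            if typ in ("-", "hard"):
                hard = v
            want[item] = (soft, hard)
    return want

def mismatches(want, effective):
    """Items whose effective (soft, hard) limits differ from the configured ones."""
    def differs(item):
        return any(w is not None and w != e for w, e in zip(want[item], effective[item]))
    return [item for item in sorted(want) if differs(item)]

if __name__ == "__main__":
    live = {item: resource.getrlimit(r) for item, r in RLIMITS.items()}
    bad = mismatches(expected_for(SAMPLE_CONF, "@audio"), live)
    print("not in effect for this session: " + ", ".join(bad) if bad else "limits applied")
```

Run it as a member of the audio group after logging in again; any item it lists is still at its old value in that session.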
[1] Execute it like this: set_rlimits -r /usr/bin/qjackctl
[2] You should be able to use a more distro-friendly solution by creating a directory called /etc/security/limits.d/ and writing your configuration in a file called audio.conf.