mirror of https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git (synced 2025-10-29 05:40:23 -04:00)
man: remove outdated information about real-time scheduling
The pulse-rt group doesn't exist any more, and rtkit exists to make it safe to acquire real-time scheduling for regular users.
parent 28347d0602
commit 6f28865950
1 changed files with 9 additions and 40 deletions
|
|
@ -149,7 +149,7 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
|
|||
<optdesc><p>Try to acquire a high Unix nice level. This will
|
||||
only succeed if the calling user has a non-zero RLIMIT_NICE
|
||||
resource limit set (on systems that support this), or we're
|
||||
called SUID root (see below), or we are configure to be run as
|
||||
configured to be run as
|
||||
system daemon (see <arg>--system</arg> above). It is recommended
|
||||
to enable this, since it is only a negligible security risk (see
|
||||
below).</p></optdesc>
|
||||
|
|
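Review bot: The --high-priority description still lists "or we're called SUID root (see below)" as a way to succeed, but the next hunk drops that same condition from the --realtime description and the last hunk deletes the paragraph that explained the SUID root setup. Either drop the SUID root clause here too, or, if SUID root still applies to nice levels, keep a short explanation for "(see below)" to point at.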
@ -161,11 +161,9 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
|
|||
<optdesc><p>Try to acquire a real-time scheduling for
|
||||
PulseAudio's I/O threads. This will only succeed if the calling
|
||||
user has a non-zero RLIMIT_RTPRIO resource limit set (on systems
|
||||
that support this), or we're called SUID root (see below), or we
|
||||
are configure to be run as system daemon (see
|
||||
<arg>--system</arg> above). It is recommended to enable this
|
||||
only for trusted users, since it is a major security risk (see
|
||||
below).</p></optdesc>
|
||||
that support this), or rtkit is available and allows PulseAudio
|
||||
to enable real-time scheduling, or we are configured to be run as
|
||||
system daemon (see <arg>--system</arg> above).</p></optdesc>
|
||||
</option>
|
||||
|
||||
<option>
|
||||
|
|
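Review bot: In the --realtime description, the sentence that pointed readers to the security discussion ("... it is a major security risk (see below)") is dropped without a replacement, although the real-time scheduling section edited later in this patch still describes the lock-up risk and now explains rtkit. Suggest ending the paragraph with a pointer to that section so that someone reading only the option text finds it. While this paragraph is being touched, "Try to acquire a real-time scheduling" could lose the stray "a".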
@ -400,12 +398,6 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
|
|||
|
||||
<section name="UNIX Groups and users">
|
||||
|
||||
<p>Group <arg>pulse-rt</arg>: if the PulseAudio binary is marked
|
||||
SUID root, then membership of the calling user in this group
|
||||
decides whether real-time and/or high-priority scheduling is
|
||||
enabled. Please note that enabling real-time scheduling is a
|
||||
security risk (see below).</p>
|
||||
|
||||
<p>Group <arg>pulse-access</arg>: if PulseAudio is running as a system
|
||||
daemon (see <opt>--system</opt> above) access is granted to
|
||||
members of this group when they connect via AF_UNIX sockets. If
|
||||
|
|
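Review bot: With the pulse-rt paragraph removed, the "UNIX Groups and users" section no longer says anything about what decides whether real-time or high-priority scheduling is granted. A one-line mention that this is now governed by rtkit and the RLIMIT_RTPRIO / RLIMIT_NICE limits (all named in the option descriptions above) would help readers who still have a pulse-rt group configured.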
@ -426,38 +418,15 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
|
|||
latency of the PulseAudio daemon from the system load and is thus
|
||||
the best way to make sure that PulseAudio always gets CPU time
|
||||
when it needs it to refill the hardware playback
|
||||
buffers. Unfortunately this is a security risk on most systems,
|
||||
buffers. Unfortunately this can be a security risk on some systems,
|
||||
since PulseAudio runs as user process, and giving realtime
|
||||
scheduling privileges to a user process always comes with the risk
|
||||
scheduling privileges to a user always comes with the risk
|
||||
that the user misuses it to lock up the system -- which is
|
||||
possible since making a process real-time effectively disables
|
||||
preemption.</p>
|
||||
preemption. To solve this problem, PulseAudio uses rtkit to safely
|
||||
acquire real-time scheduling when available.</p>
|
||||
|
||||
<p>To minimize the risk PulseAudio by default does not enable
|
||||
real-time scheduling. It is however recommended to enable it
|
||||
on trusted systems. To do that start PulseAudio with
|
||||
<opt>--realtime</opt> (see above) or enabled the appropriate option in
|
||||
<file>daemon.conf</file>. Since acquiring realtime scheduling is a
|
||||
privileged operation on most systems, some special changes to the
|
||||
system configuration need to be made to allow them to the calling
|
||||
user. Two options are available:</p>
|
||||
|
||||
<p>On newer Linux systems the system resource limit RLIMIT_RTPRIO
|
||||
(see <manref name="setrlimit" section="2"/> for more information)
|
||||
can be used to allow specific users to acquire real-time
|
||||
scheduling. This can be configured in
|
||||
<file>/etc/security/limits.conf</file>, a resource limit of 9 is recommended.</p>
|
||||
|
||||
<p>Alternatively, the SUID root bit can be set for the PulseAudio
|
||||
binary. Then, the daemon will drop root privileges immediately on
|
||||
startup, however retain the CAP_NICE capability (on systems that
|
||||
support it), but only if the calling user is a member of the
|
||||
<arg>pulse-rt</arg> group (see above). For all other users all
|
||||
capabilities are dropped immediately. The advantage of this
|
||||
solution is that the real-time privileges are only granted to the
|
||||
PulseAudio daemon -- not to all the user's processes.</p>
|
||||
|
||||
<p>Alternatively, if the risk of locking up the machine is
|
||||
<p>If the risk of locking up the machine is
|
||||
considered too big to enable real-time scheduling, high-priority
|
||||
scheduling can be enabled instead (i.e. negative nice level). This
|
||||
can be enabled by passing <opt>--high-priority</opt> (see above)
|
||||
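Review bot: The new sentence "PulseAudio uses rtkit to safely acquire real-time scheduling when available" does not say what happens when rtkit is not available, and this hunk also deletes the /etc/security/limits.conf guidance even though the --realtime description still names RLIMIT_RTPRIO as a way to succeed. Suggest keeping a short RLIMIT_RTPRIO paragraph as the fallback and stating whether real-time scheduling is enabled by default, since the removed text said it was not and the following paragraph ("If the risk of locking up the machine is considered too big ...") still reads as if the user opts in. The reworded risk sentence also says "on some systems" while keeping "always comes with the risk", which reads inconsistently.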