mirrors/pulseaudio
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git synced 2025-12-16 08:56:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

man: remove outdated information about real-time scheduling

Browse source 
The pulse-rt group doesn't exist any more, and rtkit exists to make it
safe to acquire real-time scheduling for regular users.
This commit is contained in:
Tanu Kaskinen 2019-11-14 19:56:39 +02:00
parent 28347d0602
commit 6f28865950
1 changed files with 9 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

49
man/pulseaudio.1.xml.in
View file

@ -149,7 +149,7 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
<optdesc><p>Try to acquire a high Unix nice level. This will <optdesc><p>Try to acquire a high Unix nice level. This will
only succeed if the calling user has a non-zero RLIMIT_NICE only succeed if the calling user has a non-zero RLIMIT_NICE
resource limit set (on systems that support this), or we're resource limit set (on systems that support this), or we're
called SUID root (see below), or we are configure to be run as configured to be run as
system daemon (see <arg>--system</arg> above). It is recommended system daemon (see <arg>--system</arg> above). It is recommended
to enable this, since it is only a negligible security risk (see to enable this, since it is only a negligible security risk (see
below).</p></optdesc> below).</p></optdesc>
@ -161,11 +161,9 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
<optdesc><p>Try to acquire a real-time scheduling for <optdesc><p>Try to acquire a real-time scheduling for
PulseAudio's I/O threads. This will only succeed if the calling PulseAudio's I/O threads. This will only succeed if the calling
user has a non-zero RLIMIT_RTPRIO resource limit set (on systems user has a non-zero RLIMIT_RTPRIO resource limit set (on systems
that support this), or we're called SUID root (see below), or we that support this), or rtkit is available and allows PulseAudio
are configure to be run as system daemon (see to enable real-time scheduling, or we are configured to be run as
<arg>--system</arg> above). It is recommended to enable this system daemon (see <arg>--system</arg> above).</p></optdesc>
only for trusted users, since it is a major security risk (see
below).</p></optdesc>
</option> </option>
<option> <option>
@ -400,12 +398,6 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
<section name="UNIX Groups and users"> <section name="UNIX Groups and users">
<p>Group <arg>pulse-rt</arg>: if the PulseAudio binary is marked
SUID root, then membership of the calling user in this group
decides whether real-time and/or high-priority scheduling is
enabled. Please note that enabling real-time scheduling is a
security risk (see below).</p>
<p>Group <arg>pulse-access</arg>: if PulseAudio is running as a system <p>Group <arg>pulse-access</arg>: if PulseAudio is running as a system
daemon (see <opt>--system</opt> above) access is granted to daemon (see <opt>--system</opt> above) access is granted to
members of this group when they connect via AF_UNIX sockets. If members of this group when they connect via AF_UNIX sockets. If
@ -426,38 +418,15 @@ License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
latency of the PulseAudio daemon from the system load and is thus latency of the PulseAudio daemon from the system load and is thus
the best way to make sure that PulseAudio always gets CPU time the best way to make sure that PulseAudio always gets CPU time
when it needs it to refill the hardware playback when it needs it to refill the hardware playback
buffers. Unfortunately this is a security risk on most systems, buffers. Unfortunately this can be a security risk on some systems,
since PulseAudio runs as user process, and giving realtime since PulseAudio runs as user process, and giving realtime
scheduling privileges to a user process always comes with the risk scheduling privileges to a user always comes with the risk
that the user misuses it to lock up the system -- which is that the user misuses it to lock up the system -- which is
possible since making a process real-time effectively disables possible since making a process real-time effectively disables
preemption.</p> preemption. To solve this problem, PulseAudio uses rtkit to safely
acquire real-time scheduling when available.</p>
<p>To minimize the risk PulseAudio by default does not enable <p>If the risk of locking up the machine is
real-time scheduling. It is however recommended to enable it
on trusted systems. To do that start PulseAudio with
<opt>--realtime</opt> (see above) or enabled the appropriate option in
<file>daemon.conf</file>. Since acquiring realtime scheduling is a
privileged operation on most systems, some special changes to the
system configuration need to be made to allow them to the calling
user. Two options are available:</p>
<p>On newer Linux systems the system resource limit RLIMIT_RTPRIO
(see <manref name="setrlimit" section="2"/> for more information)
can be used to allow specific users to acquire real-time
scheduling. This can be configured in
<file>/etc/security/limits.conf</file>, a resource limit of 9 is recommended.</p>
<p>Alternatively, the SUID root bit can be set for the PulseAudio
binary. Then, the daemon will drop root privileges immediately on
startup, however retain the CAP_NICE capability (on systems that
support it), but only if the calling user is a member of the
<arg>pulse-rt</arg> group (see above). For all other users all
capabilities are dropped immediately. The advantage of this
solution is that the real-time privileges are only granted to the
PulseAudio daemon -- not to all the user's processes.</p>
<p>Alternatively, if the risk of locking up the machine is
considered too big to enable real-time scheduling, high-priority considered too big to enable real-time scheduling, high-priority
scheduling can be enabled instead (i.e. negative nice level). This scheduling can be enabled instead (i.e. negative nice level). This
can be enabled by passing <opt>--high-priority</opt> (see above) can be enabled by passing <opt>--high-priority</opt> (see above)