<optdesc><p>Try to acquire a high Unix nice level. This will
only succeed if the calling user has a non-zero RLIMIT_NICE
resource limit set (on systems that support this), or we're
- called SUID root (see below), or we are configure to be run as
+ configured to be run as
system daemon (see <arg>--system</arg> above). It is recommended
to enable this, since it is only a negligible security risk (see
below).</p></optdesc>
<optdesc><p>Try to acquire a real-time scheduling for
PulseAudio's I/O threads. This will only succeed if the calling
user has a non-zero RLIMIT_RTPRIO resource limit set (on systems
- that support this), or we're called SUID root (see below), or we
- are configure to be run as system daemon (see
- <arg>--system</arg> above). It is recommended to enable this
- only for trusted users, since it is a major security risk (see
- below).</p></optdesc>
+ that support this), or rtkit is available and allows PulseAudio
+ to enable real-time scheduling, or we are configured to be run as
+ system daemon (see <arg>--system</arg> above).</p></optdesc>
</option>
<option>
<section name="UNIX Groups and users">
- <p>Group <arg>pulse-rt</arg>: if the PulseAudio binary is marked
- SUID root, then membership of the calling user in this group
- decides whether real-time and/or high-priority scheduling is
- enabled. Please note that enabling real-time scheduling is a
- security risk (see below).</p>
-
<p>Group <arg>pulse-access</arg>: if PulseAudio is running as a system
daemon (see <opt>--system</opt> above) access is granted to
members of this group when they connect via AF_UNIX sockets. If
latency of the PulseAudio daemon from the system load and is thus
the best way to make sure that PulseAudio always gets CPU time
when it needs it to refill the hardware playback
- buffers. Unfortunately this is a security risk on most systems,
+ buffers. Unfortunately this can be a security risk on some systems,
since PulseAudio runs as user process, and giving realtime
- scheduling privileges to a user process always comes with the risk
+ scheduling privileges to a user always comes with the risk
that the user misuses it to lock up the system -- which is
possible since making a process real-time effectively disables
- preemption.</p>
-
- <p>To minimize the risk PulseAudio by default does not enable
- real-time scheduling. It is however recommended to enable it
- on trusted systems. To do that start PulseAudio with
- <opt>--realtime</opt> (see above) or enabled the appropriate option in
- <file>daemon.conf</file>. Since acquiring realtime scheduling is a
- privileged operation on most systems, some special changes to the
- system configuration need to be made to allow them to the calling
- user. Two options are available:</p>
-
- <p>On newer Linux systems the system resource limit RLIMIT_RTPRIO
- (see <manref name="setrlimit" section="2"/> for more information)
- can be used to allow specific users to acquire real-time
- scheduling. This can be configured in
- <file>/etc/security/limits.conf</file>, a resource limit of 9 is recommended.</p>
-
- <p>Alternatively, the SUID root bit can be set for the PulseAudio
- binary. Then, the daemon will drop root privileges immediately on
- startup, however retain the CAP_NICE capability (on systems that
- support it), but only if the calling user is a member of the
- <arg>pulse-rt</arg> group (see above). For all other users all
- capabilities are dropped immediately. The advantage of this
- solution is that the real-time privileges are only granted to the
- PulseAudio daemon -- not to all the user's processes.</p>
-
- <p>Alternatively, if the risk of locking up the machine is
+ preemption. To solve this problem, PulseAudio uses rtkit to safely
+ acquire real-time scheduling when available.</p>
+
+ <p>If the risk of locking up the machine is
considered too big to enable real-time scheduling, high-priority
scheduling can be enabled instead (i.e. negative nice level). This
can be enabled by passing <opt>--high-priority</opt> (see above)
projects / platform / upstream / pulseaudio.git / commitdiff