FS#2107 - Post-install message for audio packages advises bad practice

Attached to Project: Arch Linux
Opened by Matt Gushee (mgushee) - Sunday, 30 January 2005, 20:39 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 31 January 2005, 06:55 GMT
Task Type Bug Report
Category Documentation
Status Closed
Assigned To Tobias Kieslich (tobias)
Architecture not specified
Severity Low
Priority Normal
Reported Version 0.7 Wombat
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

jack-audio-connection-kit and several other audio-related packages output a post-installation message explaining that you need to run them as root to gain realtime access, and suggesting the programs be run setuid root.

This might be acceptable if there were no other way for a normal user to gain realtime access, but that is not the case. In fact, the recommended procedure is to use the realtime-lsm module. See:

http://jackit.sourceforge.net/docs/faq.php#a5

Please stop encouraging people to create security holes!
This task depends upon

Closed by  Tobias Kieslich (tobias)
Thursday, 10 March 2005, 18:26 GMT
Reason for closing:  Fixed
Additional comments about closing:  removed the suid messages from qjackctl and jack itself
Comment by Tobias Powalowski (tpowa) - Monday, 31 January 2005, 06:55 GMT
assigned to other tobias.
Comment by Tobias Kieslich (tobias) - Monday, 31 January 2005, 08:37 GMT
Hm, I aware of realtime-lsm, but as a matter of fact, this module seems incompatible with our stock-kernel configuration, so it is not an option for the standard repos. Since Archlinux is not an Audio specialized distribution, this prolly won't changed so soon.
I could try to rely on damirs --mm kernel, but this one gets broken from time to time(which is an upstream issue and not damirss fault). So this can't be change easily :(
Comment by Matt Gushee (mgushee) - Monday, 31 January 2005, 17:51 GMT
There is a reason I filed this under documentation. Realtime capability is a rather special need: you don't need it to listen to MP3s, or even to play around with apps like Rosegarden. The issue is mainly for people who are serious about creating music. So I see nothing wrong with the distribution providing just basic audio capability, and outputting a message explaining how to get better performance--as is the case now. The problem is *what the message says.* Setting apps suid root is presented as *the way* for normal users to get realtime capability; yet there is another, almost certainly better, way, and we should be recommending it. So people will have to compile their own kernels. Anybody who can't handle that probably can't handle Rosegarden either.

Loading...