
		    Realtime Linux Security Module


This Linux Security Module (LSM) enables realtime capabilities.  It
was written by Torben Hohn and Jack O'Quin, under the provisions of
the GPL (see the COPYING file).  We make no warranty concerning the
safety, security or even stability of your system when using it.  But,
we will fix problems if you report them.

Once the LSM has been installed and the kernel for which it was built
is running, the root user can load it and pass parameters as follows:

  # modprobe realtime any=1

  Any program can request realtime privileges.  This allows any local
  user to crash the system by hogging the CPU in a tight loop or
  locking down too much memory.  But, it is simple to administer.  :-)

  # modprobe realtime gid=29

  All users belonging to group 29 and programs that are setgid to that
  group have realtime privileges.  Use any group number you like.  A
  `gid' of -1 disables group access.

  # modprobe realtime mlock=0

  Grants realtime scheduling privileges without the ability to lock
  memory using mlock() or mlockall() system calls.  This option can be
  used in conjunction with any of the other options.

After the module is loaded, its parameters can be changed dynamically
via sysfs.

  # echo 1  > /sys/module/realtime/parameters/any
  # echo 29 > /sys/module/realtime/parameters/gid
  # echo 1  > /sys/module/realtime/parameters/mlock

Jack O'Quin, joq@io.com
