From d1a2483f0a7a9b75654c925d8d82485ee9c3e0c3 Mon Sep 17 00:00:00 2001 From: Julian Orth Date: Sat, 10 May 2025 22:44:23 +0200 Subject: [PATCH] docs: add release notes --- docs/setup.md | 27 +++++++++++++++++++++++++++ release-notes.md | 3 +++ 2 files changed, 30 insertions(+) diff --git a/docs/setup.md b/docs/setup.md index b5d91d96..26f5dd88 100644 --- a/docs/setup.md +++ b/docs/setup.md @@ -52,6 +52,33 @@ cargo build --release The binary is then available under `./target/release/jay`. +## Running with CAP_SYS_NICE + +Jay supports being started with CAP_SYS_NICE capabilities. For example, such +capabilities can be added to the binary via + +```shell +~# setcap cap_sys_nice=p jay +``` + +If CAP_SYS_NICE is available, Jay will, by default, elevate its scheduler to +SCHED_RR and create Vulkan queues with the highest available priority. This can +improve responsiveness if the CPU or GPU are under high load. + +If Jay is started with the environment variable `JAY_NO_REALTIME=1` or a +`config.so` exists, then Jay will not elevate its scheduler but will still +create elevated Vulkan queues. + +Jay will drop all capabilities almost immediately after being started. Before +that, it will spawn a dedicated thread that retains the CAP_SYS_NICE capability +to create elevated Vulkan queues later. + +If Jay has elevated its scheduler to SCHED_RR, then it will refuse to load +`config.so` configurations. Otherwise unprivileged applications would be able +to run arbitrary code with SCHED_RR by crafting a dedicated `config.so`. This +behavior can be overridden by compiling Jay with +`JAY_ALLOW_REALTIME_CONFIG_SO=1`. + # Setup ## Configuration diff --git a/release-notes.md b/release-notes.md index 86bccd30..3dcafb8c 100644 --- a/release-notes.md +++ b/release-notes.md @@ -31,6 +31,9 @@ [window-and-client-rules.md](./docs/window-and-client-rules.md). - Add client and tree CLI subcommands to inspect clients and windows, primarily to facilitate the writing of window and client rules. +- Jay now supports being started with CAP_SYS_NICE capabilities to improve + responsiveness under high system load. This is described in detail in + [setup.md](docs/setup.md). # 1.10.0 (2025-04-22)