On Tue, Jun 05, 2007 at 01:19:45PM +0200, Ed Schouten wrote:
> * CJ van den Berg <cj at vdbonline.com> wrote:
> > On Tue, Jun 05, 2007 at 07:39:26AM +0200, Ed Schouten wrote:
> > > When we want to support chroot(), we must open the device before the
> > > actual chroot() call and only close the device when shutting down. This
> > > is what the OSS module does, for example. When I look at the API of the
> > > Simple API, there is no way to change the the pa_sample_spec afterwards.
> >
> > Why not just hardlink the pulseaudio socket (ie. /tmp/pulse-${USER}/native
> > or /var/run/pulse/native) into the chroot?
>
> Because I'd like the application to not require any resources while
> chroot()'ed. That's also why the application calls res_init() before the
> chroot()-call, which causes stuff that needs DNS (AudioScrobbler, HTTP
> audio streams) to Just Work (tm).
It requires the resource (ie. the pulseaudio socket) either way. Whether it
opens it before the chroot or after makes no difference. Either way the
process has an open file descriptor that connects it to pulseaudio that may
(or may not) be a security risk.
--
CJ van den Berg
mailto:cj at vdbonline.com
xmpp:cj at vdbonline.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20070605/1019898d/attachment.pgp>
