Hello, I am running latest pulseaudio from git master as of this morning, and had some problems with system-wide mode (running as pulse user). I suspect this is due to my recent kernel, but it could also be the way Ubuntu is configured. The observed behavior (thanks, strace!) is that the library functions setgroups, setresgid, etc. all fail in main.c... this is because we call pa_drop_caps() fairly early on (after setting RT_PRIO) which removes our CAP_SETGID and CAP_SETUID capabilities. On my system, at least, without these capabilities, the above-mentioned syscalls fail, resulting in numerous errors on startup. I'm using Ubuntu Intrepid Alpha2, which is a 2.6.26 kernel. I have created a pretty straightforward patch to src/daemon/main.c, src/daemon/caps.h and src/daemon/caps.c which does the following: 1. New function, pa_retain_caps, in caps.h. Drops all caps except certain ones specified in a cap_value_t array. Heavily inspired by pa_limit_caps itself, but I didn't want to break pa_limit_caps, which has the pre-set behavior of retaining *only* CAP_SYS_NICE. 2. Use pa_retain_caps -- keeping CAP_SETGID and CAP_SETUID, but getting rid of CAP_SYS_NICE -- after acquiring RT_PRIO. 3. Finally, we drop *all* caps (including CAP_SETGID and CAP_SETUID) at the end of the change_user() function. change_user() is called chronologically after pa_retain_caps, so on Linux, the capabilities we have (if we run as root) funnel down thusly during startup: all caps --> CAP_SYS_NICE --> CAP_SETGID / CAP_SETUID --> no caps Startup time does not seem negatively affected (on a desktop, what's a few syscalls? ;)) by the additional transition. Since this all seems very Linux-specific, I was careful to make this entire patch invisible to people who don't run Linux or whose userspace Linux headers don't have the capabilities interface. This definitely deserves testing on older kernels, but I don't have any available at the moment. On my system, though, this patch does not generate any further bad-looking warnings/infos from PA... it seems to work well now. Also, there was a slight problem which I'm just going to complain about but not patch ;) It may have been related to this, not sure... my first roadblock was it was trying to mkdir /var/lib/pulse and set its permissions to 0700. I was making the directory as root and chown-ing it to pulse:pulse, but PA got angry and unlinked it each time, until I figured out (from strace) that it wants it 0700 or it will delete it. ;-) So, to anyone having trouble with /var/lib/pulse when running system-wide: the fix is # mkdir -m 0700 /var/lib/pulse # chown pulse:pulse /var/lib/pulse # pulseaudio Thanks, Sean -------------- next part -------------- A non-text attachment was scrubbed... Name: system-wide-caps-fix.patch Type: text/x-patch Size: 2348 bytes Desc: not available URL: <http://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20080722/a704a101/attachment.bin>
