'Twas brillig, and Haug B?rger at 13/12/10 20:37 did gyre and gimble:
> Colin Guthrie wrote:
>> 'Twas brillig, and Haug B?rger at 12/12/10 10:59 did gyre and gimble:
>>
>>> The latest Ubuntu has a serious security bug caused by pulseaudio. If
>>> you configure pammount to mount a crypted home directory it is not able
>>> to unmount it because pulseaudio has files in use (.pulse/*). You can
>>> not even kill the daemon because it is set to user session.
>>>
>>> So, how can you stop the pulseaudio user session? In the hope that this
>>> releases the files.
>>>
>>> Is it really necessary for the daemon to lock the files that you can not
>>> unmount or is this a bug?
>>>
>>
>> It's quite deliberate. PA has a timeout that prevents it from closing
>> immediately. This means that if PA autospawns, it will stick around for a
>> little while in case it's needed again (while startup is fairly quick,
>> we do have to probe the hardware so it does take time). This is
>> primarily for console applications rather than X11 however, as under X11
>> a Session Manager module is loaded which keeps PA alive for the duration
>> of the X session.
>>
>> You can make a change in daemon.conf to set exit-idle-time to 0. This
>> should allow PA to exit when the X11 session exits.
>>
> This doesn't work. Probably because you might have another user session
> with X11 active. This means PA is not closed and gdm can not close the
> session properly.

Do you mean you have two X11 sessions for the same user active? If so I
don't understand why you'd want to unmount your $HOME in this case....

If you do not mean that there are two sessions by the same user active
can you please explain this statement some more as I don't fully
appreciate what you are describing.

> I don't care if PA still runs but why does it lock files in my home
> directory?

Well it uses a socket file to communicate with other processes. This
file is typically stored in $TMPDIR which is often $HOME/tmp.

I suspect it is this socket file that is causing you problems.

> It is not even possible as root to shut down a user session. Gdm can not
> even kill the user session. This makes PA a pain in the a...

Not really sure what you mean here? Root can easily kill any PA process.
Can you describe what you mean in more detail here?

> So, how can you stop the pulseaudio user session?

A user can simply call "pulseaudio -k", which will kill their PA session.
However, depending on what other applications are still running, it may
very well be autospawned again.

It would be very trivial to add an option to
src/modules/x11/module-x11-xsmp.c in the kill_cb() that would shut down
the PA daemon on X11 logout, but it is not currently done in order to
ensure that multiple X11 sessions by one user are supported. I guess
some smarts could allow for checking the loaded modules and only exit if
no other x11-xsmp module instances exist.

I'm still not 100% sure why this whole thing is a problem tho'. I'm sure
there is an easy way to kill all processes started by a user - this will
certainly be especially true/easier when systemd handles user sessions:

http://0pointer.de/blog/projects/systemd-update-2.html

"We now safely destroy all user session before going down. This is a
feature long missing on Linux: since user processes were not killed
until the very last moment the unhealthy situation that user code was
running at a time where no other daemon was remaining was a normal part
of shutdown."

--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mageia Contributor [http://www.mageia.org/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
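An added example, not part of the original message: one way to check which processes keep an encrypted home directory busy after logout, covering both the open files under .pulse/ and the bound socket file suspected above. A bound UNIX socket appears in /proc/<pid>/fd only as `socket:[inode]`, so the sketch resolves it through /proc/net/unix. The paths, PIDs and inode numbers in the sample data are constructed, and the function names are hypothetical.

```python
import os

# Constructed sample in the /proc/net/unix layout (not captured from a real system).
SAMPLE_NET_UNIX = """\
Num       RefCount Protocol Flags    Type St Inode Path
0000000000000000: 00000002 00000000 00010000 0001 01 40112 /home/alice/tmp/pulse-sample/native
0000000000000000: 00000002 00000000 00010000 0001 01 40200 /run/dbus/system_bus_socket
0000000000000000: 00000003 00000000 00000000 0001 03 40315
0000000000000000: 00000002 00000000 00010000 0001 01 40400 @/tmp/.X11-unix/X0
"""

# Constructed fd tables: pid -> {fd: link target}, as readlink on /proc/<pid>/fd/<n> reports.
SAMPLE_FDS = {
    2301: {0: "/dev/null", 5: "socket:[40112]", 7: "/home/alice/.pulse/sample.tdb"},
    2410: {3: "socket:[40200]", 4: "socket:[40315]"},
}

def parse_net_unix(text):
    """Map socket inode -> bound filesystem path; abstract ('@') and unnamed sockets are skipped."""
    bound = {}
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split(None, 7)            # the path is the optional 8th field
        if len(fields) == 8 and fields[7].startswith("/"):
            bound[int(fields[6])] = fields[7]
    return bound

def under(path, mount_point):
    mp = mount_point.rstrip("/")
    return path == (mp or "/") or path.startswith(mp + "/")

def holders(fd_tables, bound, mount_point):
    """Return sorted (pid, fd, path) for every descriptor that points below mount_point."""
    hits = []
    for pid, fds in fd_tables.items():
        for fd, target in fds.items():
            if target.startswith("socket:["):   # resolve the socket inode to its bound path
                target = bound.get(int(target[8:-1]), "")
            if under(target, mount_point):
                hits.append((pid, fd, target))
    return sorted(hits)

def live_fd_tables():
    """Read real fd tables from /proc (other users' processes need root)."""
    tables = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            tables[int(pid)] = {int(fd): os.readlink(f"/proc/{pid}/fd/{fd}")
                                for fd in os.listdir(f"/proc/{pid}/fd")}
        except OSError:
            continue                            # process exited or permission denied
    return tables

if __name__ == "__main__":
    for hit in holders(SAMPLE_FDS, parse_net_unix(SAMPLE_NET_UNIX), "/home/alice"):
        print(hit)
```

On a live system, pass `live_fd_tables()` and the parsed contents of /proc/net/unix to `holders()` instead of the sample data.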