On Wed, 10.02.10 05:50, Bill Cox (waywardgeek at gmail.com) wrote: > > Here's what I don't understand. Why doesn't PA run in system-wide > mode, but still do all the same user-permission checks it does now, > and only authorize the current user to access the sound card? Because that is extraordinarily difficult to get right. first of all, we would have to authorize every single request, and come up with ACL logic for every single entity inside of PA. i.e. if a user issues "move" request we would have to check whether the user is allowed to move this particular stream and to this particular device and so on. This would add a substantial and complex codebase to PA. Also, suddenly the bigger part of PA suddenly becomes security sensitive because we can never trust the user anymore. This would also mean that we would have to get rid of stuff like SHM data transfer because I simply see no way to implement this on current linuxes in a safe way so that the two sides don't have to trust each other. (the most trivial access is that one side ftruncates its shm region triggering a SIGBUS in the other on the next access. And catching those SIGBUS and handling it sanely and securely you cannot really do. but that's just the beginning, it goes downhill from there.) I mean, you are welcome to write such a franken-sound-server, which can deal with all of this. But I simply don't think it is feasible. I won't wast my time on that and reimplement big parts of the linux kernel in userspace. Certainly not just because some people want to playback audio simultaneously from multiple users and cannot configure module-native-protocol-xxx/module-tunnel-sink for that. > Is there any advantage in running the whole PA daemon in user > space? Why have multiple PA processes running when there are > multiple users? Doesn't this waste memory? Next question: why have multiple firefox processes running? doesn't that waste memory? I mean, multiple users could share one instance, right? </sarcasm> > If PA were run this way, it would be trivial to allow specific root > processes or authorized users to access the sound card at the same > time as the current user. "trivial". Right. > Also, why does zero latency by default increase CPU power? SFAIK, > zero latency (or inperceptably small) is the default in all other > sound systems, and I haven't heard of increased CPU usage as a > result. "zero latency" does not literally mean what you apparently think it does. It simply means that you can override the very sample that is currently passed to the DAC, it does not mean you really get 0 latency when streaming a continuous stream. Lennart -- Lennart Poettering Red Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4
