On Wed, 2011-12-21 at 23:24 +0100, Maarten Bosmans wrote:
> 2011/12/10 Graeme Pietersz <graeme.pietersz at gmail.com>:
> > Obviously, allowing any user access is not a security issue as that is what I want (it would be good to restrict network access to the microphone though, but its not essential).
>
> The best setup I can think of is to run a system-wide daemon on
> startup with module-native-protocol-tcp loaded and a per-user daemon
> in the default setup. You should setup both daemon's config files
> (/etc/pulse/{system,default}.pa respectively) such that instead of
> running module-udev-detect, you only load a module-alsa-sink (and
> perhaps a source) for the right soundcard, so that each daemon only
> has sinks and sources for the card it needs. (thereby also solving the
> microfone eavesdropping problem)
Good advice. I'd use module-alsa-card instead of module-alsa-sink and
module-alsa-source, though. That way all profiles that are supported by
the card will be available, and you don't have to think about the sink
parameters.
Loading module-alsa-card is simple:
load-module module-alsa-card device_id=<index or name>
<index or name> is what /proc/asound/card shows you. The index may not
stay stable across reboots, so using the card name is preferable. I have
this in /proc/asound/cards:
0 [Intel ]: HDA-Intel - HDA Intel
HDA Intel at 0xee400000 irq 47
Here 0 is the card index, and "Intel" is the card name.
> There could be a problem with the dbus bits of pulse, but I think that
> those are solved in git master.
If you mean refusing to start when the session isn't available, the
problem (which is already fixed in 1.1) shouldn't affect the system
mode, and if I understood the setup correctly, the per-user mode will be
started normally as part of the X session, so the problem won't affect
the per-user mode either.
--
Tanu
