[PATCH v2] systemd: disable socket activation for root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2017-02-09 at 22:35 +0200, Tanu Kaskinen wrote:
> We disallow autospawning for root, but when using systemd socket
> activation to start pulseaudio, that replaces the autospawning
> mechanism, and there was no similar "root protection" in socket
> activation. This patch disables the socket activation for root.
> ---
>  src/daemon/systemd/user/pulseaudio.socket | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/src/daemon/systemd/user/pulseaudio.socket b/src/daemon/systemd/user/pulseaudio.socket
> index 332ece893..c428b9b3b 100644
> --- a/src/daemon/systemd/user/pulseaudio.socket
> +++ b/src/daemon/systemd/user/pulseaudio.socket
> @@ -6,5 +6,20 @@ Priority=6
>  Backlog=5
>  ListenStream=%t/pulse/native
>  
> +# We don't want to enable socket activation for root, because alsa device
> +# handover doesn't work between root and normal users.
> +#
> +# Using ExecStartPre is not quite ideal, because the unit state becomes
> +# "failed", which can make people think that something went wrong, even though
> +# this is normal behaviour. A better solution would be to use
> +# ConditionCapability=!CAP_SYS_ADMIN, but that didn't work for some reason on
> +# a Debian system (in February 2017), so it seems best to not use that. There's
> +# a bug report about the capability check failure:
> +# https://github.com/systemd/systemd/issues/5296

That bug report is now closed, because systemd is working as designed.
ConditionCapability can't be used, because it tests the capability
bounding set, not the effective capabilities. I'll need to fix the
above comment.

-- 
Tanu

https://www.patreon.com/tanuk


[Index of Archives]     [Linux Audio Users]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux