Hi :-) On Sat, Jan 28, 2017 at 01:58:32PM +0200, Tanu Kaskinen wrote: > Hi all, > > In the "PA 10 : paplay can't connect !" thread I noticed worrying > netstat output: > > [video at sixcore ~]$ netstat -l -x -p | grep pulse > (Not all processes could be identified, non-owned process info >  will not be shown, you would have to be root to see it all.) > unix 2     [ ACC ]    STREAM    LISTENING    51237 7388/pulseaudio     /tmp/.esd-501/socket > unix 2     [ ACC ]    STREAM    LISTENING    26773   -        /run/user/0/pulse/native > unix 2     [ ACC ]    STREAM    LISTENING    40938   7362/systemd /run/user/501/pulse/native > > It looks like systemd manages also root login sessions, and it creates > the pulseaudio socket for root. Presumably pulseaudio would get started > if some application tried to access the socket. When using the > traditional autospawning mechanism, we don't start pulseaudio for root, > and that's how it should be also in the systemd socket activation case. > > Does anyone have ideas about how we could prevent systemd from creating > the socket for root by default? > Confirmed here too, as long as a root login shell is there; e.g. by something like "machinectl shell". Unless we want a restricting directive directly inside systemd, below trick seems to work here: # /etc/systemd/user/pulseaudio.socket.d/override.conf [Socket] ExecStartPre=/bin/sh -c '/usr/bin/test $(/usr/bin/whoami) != "root"' Any better solution? regards, -- Darwish http://darwish.chasingpointers.com
