[pulseaudio-tickets] [Bug 45656] lacks handling of (not-so-)special cases in pa_make_secure_dir()

bugzilla-daemon at freedesktop.org
Tue Apr 10 03:40:09 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=45656

Colin Guthrie <fdo at colin.guthr.ie> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|45812                       |

--- Comment #4 from Colin Guthrie <fdo at colin.guthr.ie> 2012-04-10 03:40:09 PDT ---
OK, so I've just tested this.

I started "pulseaudio --system" as root and it correctly dropped privs to the
pulse user.

The runtime dir was set to /var/run/pulse which I had pre-created to be owned
by pulse.pulse. Likewise the pulse user's homedir was set to be /var/lib/pulse
which was also the state dir as per compilation.

When the user was added, the dir had these permissions:
drwxr-xr-x 5 pulse pulse 4096 Apr 10 10:47 /var/lib/pulse/


After launching PA, it changed to these permissions:
drwx------ 5 pulse pulse 4096 Apr 10 10:48 /var/lib/pulse/


The runtime dir was also handled fine. PA ensured the permissions were:
drwxr-xr-x 2 pulse pulse 4096 Apr 10 10:47 /var/run/pulse/


Where I could replicate failure is when /var was a read-only filesystem.

Now this is, in itself, not really something that should be supported. The
whole point of /var is that it is variable. It does not make sense to mount
/var read-only. /usr yes, but not /var:

/var/lib

    Files that change while the system is running normally.

So I'm not sure we should go out of our way to support this. The runtime dir is
even more variable, as /var/run is used for multiple applications to record
transient state. These days it is a symlink to /run which is mounted in tmpfs.


That said, I agree that we could try harder to not fail when the perms are
correct to begin with. i.e. do a check first and miss out the
chown/chmods/mkdir if all is correct already.

I'd happily take a patch for that, but the one on Arch is incorrect in this
regard. We should still insist on the known-good perms, we just shouldn't fail
if they are already like that and we cannot call mkdir.

Anyway, this is a very specific use case (the read-only /var - NFS root systems
should use e.g. tmpfs, aufs or unionfs to make these directories r/w even if
the changes are ultimately lost - there are various scripts to do this on
Fedora and Mageia etc. - personally I run just such a setup for my own media
centre), and as such it's something I'm not going to be able to personally look
at for v2.0. If someone wants to provide a good patch, I'll happily merge it.
Removing from 2.0 blockers.

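The check-first behaviour the comment asks for (verify the directory before touching it, skip mkdir/chown/chmod when it already has the known-good owner and mode so a read-only /var does not cause a failure, but still insist on repairing wrong permissions), as an added C example that is not PulseAudio's pa_make_secure_dir and was not part of the bug thread. make_secure_dir, self_check and the /tmp/secdir temp path are names chosen for this example.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp/lstat/chown with strict glibc */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-first variant (added example, not PulseAudio's pa_make_secure_dir):
 * returns 0 without writing when dir already has the wanted owner and mode,
 * repairs it when it exists with the wrong ones, and only calls mkdir when
 * it is missing. mode holds permission bits only. -1 with errno on failure. */
int make_secure_dir(const char *dir, mode_t mode, uid_t uid, gid_t gid) {
    struct stat st;
    if (lstat(dir, &st) < 0) {            /* lstat: never follow a planted symlink */
        if (errno != ENOENT)
            return -1;
        /* Missing: this is the only path that needs a writable filesystem. */
        if (mkdir(dir, mode) < 0 && errno != EEXIST)
            return -1;
        if (lstat(dir, &st) < 0)
            return -1;
    }
    if (!S_ISDIR(st.st_mode)) {           /* symlink or plain file at the path */
        errno = ENOTDIR;
        return -1;
    }
    if (st.st_uid == uid && st.st_gid == gid && (st.st_mode & 07777) == mode)
        return 0;                         /* known-good already: nothing to do */
    /* Wrong owner or mode: still insist on the known-good state. */
    if ((st.st_uid != uid || st.st_gid != gid) && chown(dir, uid, gid) < 0)
        return -1;
    if ((st.st_mode & 07777) != mode && chmod(dir, mode) < 0)
        return -1;
    return 0;
}
/* Self-check in a fresh temp dir: 0 if every scenario behaves, else the
 * number of the first failing one. 0700 mirrors the state dir above. */
int self_check(void) {
    char tmpl[] = "/tmp/secdirXXXXXX", path[64];
    struct stat st;
    uid_t uid = getuid(); gid_t gid = getgid();
    if (!mkdtemp(tmpl)) return 1;
    snprintf(path, sizeof path, "%s/pulse", tmpl);
    if (make_secure_dir(path, 0700, uid, gid) != 0) return 2;  /* created */
    if (make_secure_dir(path, 0700, uid, gid) != 0) return 3;  /* no-op */
    if (chmod(path, 0755) != 0) return 4;                       /* drwxr-xr-x */
    if (make_secure_dir(path, 0700, uid, gid) != 0) return 5;  /* tightened */
    if (lstat(path, &st) != 0 || (st.st_mode & 07777) != 0700) return 6;
    rmdir(path); rmdir(tmpl);
    return 0;
}
```

On a read-only filesystem the second call (directory already correct) still returns 0, because no write is attempted; only the missing-directory case reaches mkdir and fails.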