[pulseaudio-discuss] [PATCH] System-wide on recent kernels

Sean McNamara smcnam at gmail.com
Tue Jul 22 05:12:20 PDT 2008 

Hello,

I am running latest pulseaudio from git master as of this morning, and
had some problems with system-wide mode (running as pulse user). I
suspect this is due to my recent kernel, but it could also be the way
Ubuntu is configured.

The observed behavior (thanks, strace!) is that the library functions
setgroups, setresgid, etc. all fail in main.c... this is because we
call pa_drop_caps() fairly early on (after setting RT_PRIO) which
removes our CAP_SETGID and CAP_SETUID capabilities. On my system, at
least, without these capabilities, the above-mentioned syscalls fail,
resulting in numerous errors on startup. I'm using Ubuntu Intrepid
Alpha2, which is a 2.6.26 kernel.

I have created a pretty straightforward patch to src/daemon/main.c,
src/daemon/caps.h and src/daemon/caps.c which does the following:

1. New function, pa_retain_caps, in caps.h. Drops all caps except
certain ones specified in a cap_value_t array. Heavily inspired by
pa_limit_caps itself, but I didn't want to break pa_limit_caps, which
has the pre-set behavior of retaining *only* CAP_SYS_NICE.

2. Use pa_retain_caps -- keeping CAP_SETGID and CAP_SETUID, but
getting rid of CAP_SYS_NICE -- after acquiring RT_PRIO.

3. Finally, we drop *all* caps (including CAP_SETGID and CAP_SETUID)
at the end of the change_user() function. change_user() is called
chronologically after pa_retain_caps, so on Linux, the capabilities we
have (if we run as root) funnel down thusly during startup:

all caps --> CAP_SYS_NICE --> CAP_SETGID / CAP_SETUID --> no caps

Startup time does not seem negatively affected (on a desktop, what's a
few syscalls? ;)) by the additional transition. Since this all seems
very Linux-specific, I was careful to make this entire patch invisible
to people who don't run Linux or whose userspace Linux headers don't
have the capabilities interface. This definitely deserves testing on
older kernels, but I don't have any available at the moment. On my
system, though, this patch does not generate any further bad-looking
warnings/infos from PA... it seems to work well now.

Also, there was a slight problem which I'm just going to complain
about but not patch ;) It may have been related to this, not sure...
my first roadblock was it was trying to mkdir /var/lib/pulse and set
its permissions to 0700. I was making the directory as root and
chown-ing it to pulse:pulse, but PA got angry and unlinked it each
time, until I figured out (from strace) that it wants it 0700 or it
will delete it. ;-)

So, to anyone having trouble with /var/lib/pulse when running
system-wide: the fix is

# mkdir -m 0700 /var/lib/pulse
# chown pulse:pulse /var/lib/pulse
# pulseaudio

Thanks,

Sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: system-wide-caps-fix.patch
Type: text/x-patch
Size: 2348 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/pulseaudio-discuss/attachments/20080722/a704a101/attachment.bin>

More information about the pulseaudio-discuss mailing list