[pulseaudio-discuss] [PATCH] System-wide on recent kernels
Lennart Poettering
lennart at poettering.net
Tue Jul 22 12:24:39 PDT 2008
On Tue, 22.07.08 05:12, Sean McNamara (smcnam at gmail.com) wrote:
> Hello,
>
> I am running latest pulseaudio from git master as of this morning, and
> had some problems with system-wide mode (running as pulse user). I
> suspect this is due to my recent kernel, but it could also be the way
> Ubuntu is configured.
Hmm, no. It's not Ubuntu's fault, nor the kernel's. It's my fault. I
rewrote the privilige dropping logic, so that PA supports file
capabalities instead full suid root. And while doing that I apparently
broke system mode.
I tried to fix this now in current git. Could you please check if this
works for you?
> The observed behavior (thanks, strace!) is that the library functions
> setgroups, setresgid, etc. all fail in main.c... this is because we
> call pa_drop_caps() fairly early on (after setting RT_PRIO) which
> removes our CAP_SETGID and CAP_SETUID capabilities. On my system, at
> least, without these capabilities, the above-mentioned syscalls fail,
> resulting in numerous errors on startup. I'm using Ubuntu Intrepid
> Alpha2, which is a 2.6.26 kernel.
Yepp, PA retries to replace CAP_SYS_NICE with a higher RLIMIT_RTPRIO
right now. But that logic should only be there for normal users, not
for system mode or when started for the root user.
Because system mode is ... uh .. system mode I think it would be a bad
idea to keep any higher priviliges. That's why in this case PA should
no try to limit capabilities but instead just wait until the
setresuid() call takes them all away anyway.
> Startup time does not seem negatively affected (on a desktop, what's a
> few syscalls? ;)) by the additional transition. Since this all seems
> very Linux-specific, I was careful to make this entire patch invisible
> to people who don't run Linux or whose userspace Linux headers don't
> have the capabilities interface. This definitely deserves testing on
> older kernels, but I don't have any available at the moment. On my
> system, though, this patch does not generate any further bad-looking
> warnings/infos from PA... it seems to work well now.
TBH portability is not really a necessary feature for a patch you
submit. The system I focus on is Linux. I won't make it explicitly
difficult for porters to other operating systems, but the portability
patches have to come from them. So, if a patch breaks Solaris support
but is otherwise good I will merge it. OTOH if a patch breaks Linux
support I won't.
> Also, there was a slight problem which I'm just going to complain
> about but not patch ;) It may have been related to this, not sure...
> my first roadblock was it was trying to mkdir /var/lib/pulse and set
> its permissions to 0700. I was making the directory as root and
> chown-ing it to pulse:pulse, but PA got angry and unlinked it each
> time, until I figured out (from strace) that it wants it 0700 or it
> will delete it. ;-)
hmmm, pa shouldn't unlink that directory if it didn't create it in the
first place i guess. Could you file a bug about this, so i don't
forget this?
Thank you for the patches!
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net ICQ# 11060553
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the pulseaudio-discuss
mailing list