[pulseaudio-discuss] system-wide daemon

Lennart Poettering lennart at poettering.net
Wed Feb 10 15:42:06 PST 2010


On Wed, 10.02.10 05:50, Bill Cox (waywardgeek at gmail.com) wrote:

> 
> Here's what I don't understand.  Why doesn't PA run in system-wide
> mode, but still do all the same user-permission checks it does now,
> and only authorize the current user to access the sound card? 

Because that is extraordinarily difficult to get right. First of all,
we would have to authorize every single request, and come up with ACL
logic for every single entity inside of PA. i.e. if a user issues a
"move" request we would have to check whether the user is allowed to
move this particular stream and to this particular device and so
on. This would add a substantial and complex codebase to PA. Also,
suddenly the bigger part of PA becomes security sensitive
because we can never trust the user anymore.

This would also mean that we would have to get rid of stuff like SHM
data transfer because I simply see no way to implement this on current
linuxes in a safe way so that the two sides don't have to trust each
other. (The most trivial access is that one side ftruncates its shm
region triggering a SIGBUS in the other on the next access. And
catching those SIGBUS and handling it sanely and securely you cannot
really do. But that's just the beginning, it goes downhill from
there.)

I mean, you are welcome to write such a franken-sound-server, which
can deal with all of this. But I simply don't think it is feasible. I
won't waste my time on that and reimplement big parts of the linux
kernel in userspace. 

Certainly not just because some people want to playback audio
simultaneously from multiple users and cannot configure
module-native-protocol-xxx/module-tunnel-sink for that.

> Is there any advantage in running the whole PA daemon in user
> space?  Why have multiple PA processes running when there are
> multiple users?  Doesn't this waste memory?

Next question: why have multiple firefox processes running? Doesn't
that waste memory? I mean, multiple users could share one
instance, right? </sarcasm>

> If PA were run this way, it would be trivial to allow specific root
> processes or authorized users to access the sound card at the same
> time as the current user.

"trivial". Right.

> Also, why does zero latency by default increase CPU power?  SFAIK,
> zero latency (or imperceptibly small) is the default in all other
> sound systems, and I haven't heard of increased CPU usage as a
> result.

"zero latency" does not literally mean what you apparently think it
does. It simply means that you can override the very sample that is
currently passed to the DAC, it does not mean you really get 0 latency
when streaming a continuous stream.

Lennart

-- 
Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4
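
The ftruncate/SIGBUS problem named in the message above, shown from the receiving side as an added example; it is not part of the original post and is not PulseAudio code. It goes beyond the message by also showing a receiver that only accepts regions sealed against shrinking, which assumes memfd file seals (Linux 3.17 and later, newer than this message); make_region, receiver_accepts and reader_fate are hypothetical names.

```c
#define _GNU_SOURCE            /* exposes the memfd and sealing constants */
#include <fcntl.h>
#include <signal.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef F_ADD_SEALS            /* Linux UAPI values, if the libc headers hide them */
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SHRINK 0x0002
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif

/* Sender side: create a one-page anonymous shared-memory fd and, if asked,
 * seal it so that nobody holding the fd can shrink it afterwards. */
int make_region(int seal) {
    int fd = (int)syscall(SYS_memfd_create, "demo-region", MFD_ALLOW_SEALING);
    if (fd < 0) return -1;
    if (ftruncate(fd, sysconf(_SC_PAGESIZE)) < 0 ||
        (seal && fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK) < 0)) {
        close(fd); return -1;
    }
    return fd;
}

/* Receiver-side policy: refuse to map a region the peer could still shrink. */
int receiver_accepts(int fd) {
    int seals = fcntl(fd, F_GET_SEALS);
    return seals >= 0 && (seals & F_SEAL_SHRINK);
}

/* A child maps the region, the "peer" tries to truncate it, the child reads.
 * Returns the signal that killed the reader, or 0 if it survived. */
int reader_fate(int fd) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile char *p = mmap(NULL, sysconf(_SC_PAGESIZE), PROT_READ, MAP_SHARED, fd, 0);
        if (p == MAP_FAILED) _exit(2);
        if (ftruncate(fd, 0) < 0) { /* sealed: refused, the page stays mapped */ }
        _exit(p[0] != 0);           /* unsealed: the page is gone, SIGBUS */
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}
```

The seal only removes the truncation case; the per-request authorization described in the message is a separate problem that it does not address.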


