[pulseaudio-discuss] [PATCH] systemd: disable socket activation for root

[Alexander E. Patrakov]

I have followed the discussion behind this patch, and agree that it is
currently the best way to avoid socket activation for root. Both the
commit message and the comments describe very well why we want that.

So - ACK, with a minor note that the use of negation with
ConditionPathIsReadWrite is undocumented in the manual page of
systemd-232. But well, systemd-fsck-root.service also uses this
syntax, so it is not a problem :)


2017-02-03 13:51 GMT+05:00 Tanu Kaskinen <tanuk at iki.fi>:
> We disallow autospawning for root, but when using systemd socket
> activation to start pulseaudio, that replaces the autospawning
> mechanism, and there was no similar "root protection" in socket
> activation. This patch disables the socket activation for root.
>
> Thanks to Felipe Sateler for coming up with the idea of using
> ConditionPathIsReadWrite=!/run.
> ---
>  src/daemon/systemd/user/pulseaudio.socket | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/src/daemon/systemd/user/pulseaudio.socket b/src/daemon/systemd/user/pulseaudio.socket
> index 332ece893..05459edc0 100644
> --- a/src/daemon/systemd/user/pulseaudio.socket
> +++ b/src/daemon/systemd/user/pulseaudio.socket
> @@ -1,6 +1,13 @@
>  [Unit]
>  Description=Sound System
>
> +# We don't want to enable socket activation for root, because alsa device
> +# handover doesn't work between root and normal users. /run should be writable
> +# only by root, so we use that to detect whether the current user is root.
> +# A request has been submitted for a more straightforward way to detect the
> +# current user: https://github.com/systemd/systemd/issues/5187
> +ConditionPathIsReadWrite=!/run
> +
>  [Socket]
>  Priority=6
>  Backlog=5
> --
> 2.11.0
>
> _______________________________________________
> pulseaudio-discuss mailing list
> pulseaudio-discuss at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss



-- 
Alexander E. Patrakov