[pulseaudio-discuss] [PATCH] systemd: disable socket activation for root
Felipe Sateler
fsateler at debian.org
Fri Feb 3 13:17:28 UTC 2017
On 3 February 2017 at 05:51, Tanu Kaskinen <tanuk at iki.fi> wrote:
> We disallow autospawning for root, but when using systemd socket
> activation to start pulseaudio, that replaces the autospawning
> mechanism, and there was no similar "root protection" in socket
> activation. This patch disables the socket activation for root.
>
> Thanks to Felipe Sateler for coming up with the idea of using
> ConditionPathIsReadWrite=!/run.
I'm sorry but I'll have to take this back. This check only checks if
the path is mounted read-write, not if the calling process has the
necessary permissions.
https://github.com/systemd/systemd/blob/master/src/shared/condition.c#L405
https://github.com/systemd/systemd/blob/master/src/basic/stat-util.c#L126
:(
--
Saludos,
Felipe Sateler
More information about the pulseaudio-discuss
mailing list