[pulseaudio-discuss] [PATCH] systemd: disable socket activation for root
Joe
josephj at main.nc.us
Wed Feb 8 17:41:31 UTC 2017
I'm completely out of my depth here - I program mostly in bash, but ...
If you want to know if you can do something, one way is to try to do it
and see if it fails.
What would happen if you just issued something harmless like a touch
command to something in the path?
Wouldn't that give you a definitive answer without checking any flags or
settings?
Joe
On 02/08/2017 07:36 AM, Tanu Kaskinen wrote:
> On Fri, 2017-02-03 at 10:17 -0300, Felipe Sateler wrote:
>> On 3 February 2017 at 05:51, Tanu Kaskinen <tanuk at iki.fi> wrote:
>>> We disallow autospawning for root, but when using systemd socket
>>> activation to start pulseaudio, that replaces the autospawning
>>> mechanism, and there was no similar "root protection" in socket
>>> activation. This patch disables the socket activation for root.
>>>
>>> Thanks to Felipe Sateler for coming up with the idea of using
>>> ConditionPathIsReadWrite=!/run.
>> I'm sorry but I'll have to take this back. This check only checks if
>> the path is mounted read-write, not if the calling process has the
>> necessary permissions.
>>
>> https://github.com/systemd/systemd/blob/master/src/shared/condition.c#L405
>> https://github.com/systemd/systemd/blob/master/src/basic/stat-util.c#L126
>>
>> :(
> Well, that's disappointing (and shame on me - I should have tested the
> patch better).
>
> I think using ExecStartPre as Ahmed first suggested is the best
> solution. It should do exactly what we want. The admin capability check
> can have some corner cases where it does the wrong thing.
>
More information about the pulseaudio-discuss
mailing list