[pulseaudio-discuss] How to avoid socket activation for root?
Ahmed S. Darwish
darwish.07 at gmail.com
Sat Jan 28 14:00:31 UTC 2017
Hi :-)
On Sat, Jan 28, 2017 at 01:58:32PM +0200, Tanu Kaskinen wrote:
> Hi all,
>
> In the "PA 10 : paplay can't connect !" thread I noticed worrying
> netstat output:
>
> [video at sixcore ~]$ netstat -l -x -p | grep pulse
> (Not all processes could be identified, non-owned process info
> will not be shown, you would have to be root to see it all.)
> unix 2 [ ACC ] STREAM LISTENING 51237 7388/pulseaudio /tmp/.esd-501/socket
> unix 2 [ ACC ] STREAM LISTENING 26773 - /run/user/0/pulse/native
> unix 2 [ ACC ] STREAM LISTENING 40938 7362/systemd /run/user/501/pulse/native
>
> It looks like systemd also manages root login sessions, and it creates
> the pulseaudio socket for root. Presumably pulseaudio would get started
> if some application tried to access the socket. When using the
> traditional autospawning mechanism, we don't start pulseaudio for root,
> and that's how it should be also in the systemd socket activation case.
>
> Does anyone have ideas about how we could prevent systemd from creating
> the socket for root by default?
>
Confirmed here too, as long as a root login shell is there; e.g.
by something like "machinectl shell".

Unless we want a restricting directive directly inside systemd,
the trick below seems to work here:

# /etc/systemd/user/pulseaudio.socket.d/override.conf
[Socket]
ExecStartPre=/bin/sh -c '/usr/bin/test $(/usr/bin/whoami) != "root"'

Any better solution?
regards,
--
Darwish
http://darwish.chasingpointers.com
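
A check for the condition reported in this thread, as an added example that is not part of the original post: it parses `netstat -l -x -p` output and reports whether a PulseAudio native socket is listening in root's runtime directory, which is one way to confirm that an override like the one above took effect. The function names are made up for this example; the sample input is the netstat output quoted in the post.

```shell
#!/bin/sh
# Added example: audit `netstat -l -x -p` output for PulseAudio native
# sockets and flag any that live in root's runtime directory.

# Sample input: the netstat output quoted in the post above.
sample_netstat() {
cat <<'EOF'
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
unix 2 [ ACC ] STREAM LISTENING 51237 7388/pulseaudio /tmp/.esd-501/socket
unix 2 [ ACC ] STREAM LISTENING 26773 - /run/user/0/pulse/native
unix 2 [ ACC ] STREAM LISTENING 40938 7362/systemd /run/user/501/pulse/native
EOF
}

# Reads netstat text on stdin; prints "uid owner path" for each listening
# pulse native socket under /run/user/<uid>/. The owner column is "-" when
# netstat could not identify the process (not run as root).
pulse_native_sockets() {
    awk '
        $1 == "unix" && /LISTENING/ {
            path = $NF; owner = $(NF - 1)
            if (path ~ /^\/run\/user\/[0-9]+\/pulse\/native$/) {
                split(path, part, "/")      # part[4] is the uid
                print part[4], owner, path
            }
        }'
}

# Prints the uid 0 entries and exits 0 if root has such a socket, else exits 1.
root_pulse_socket_present() {
    pulse_native_sockets |
        awk '$1 == "0" { print; found = 1 } END { exit !found }'
}

# On a live system: netstat -l -x -p | root_pulse_socket_present
if sample_netstat | root_pulse_socket_present >/dev/null; then
    echo "pulse native socket is listening for root"
else
    echo "no pulse native socket for root"
fi
```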