[systemd-devel] How to change XDG_RUNTIME_DIR permissions

Mantas Mikulėnas grawity at gmail.com
Mon Apr 9 20:09:20 UTC 2018


On Mon, Apr 9, 2018, 21:35 Simon McVittie <smcv at collabora.com> wrote:

> On Mon, 09 Apr 2018 at 17:27:10 +0000, john terragon wrote:
> > created by the logind service. I want to make the socket of the pulseaudio
> > server of one particular user available to all the others.
>
> This is basically PulseAudio system-wide mode:
>
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/
>
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/WhatIsWrongWithSystemWide/
>
> ... except worse, because instead of potentially being able to escalate
> privileges to a dedicated system uid that runs the PulseAudio system
> server, you can potentially escalate privileges to the account of
> another user.
>
> I would suggest using the system-wide mode instead: it's a bad idea
> for all the reasons listed in the link above, but seems less bad than
> reinventing it via a user's account.
>

Except for the shared memory part, which I seem to remember has finally
been solved using memfd sealing?

> --

Mantas Mikulėnas <grawity at gmail.com>
Sent from my phone