diff options
Diffstat (limited to 'src/daemon')
-rw-r--r-- | src/daemon/caps.c | 15 | ||||
-rw-r--r-- | src/daemon/daemon-conf.c | 18 | ||||
-rw-r--r-- | src/daemon/daemon.conf.in | 12 | ||||
-rw-r--r-- | src/daemon/main.c | 11 | ||||
-rw-r--r-- | src/daemon/pulseaudio-system.conf | 37 |
5 files changed, 67 insertions, 26 deletions
diff --git a/src/daemon/caps.c b/src/daemon/caps.c index 294be494..76b62e03 100644 --- a/src/daemon/caps.c +++ b/src/daemon/caps.c @@ -57,24 +57,29 @@ void pa_drop_root(void) { #ifdef HAVE_GETUID uid_t uid; + gid_t gid; + pa_log_debug(_("Cleaning up privileges.")); uid = getuid(); - if (uid == 0 || geteuid() != 0) - return; - - pa_log_info(_("Dropping root privileges.")); + gid = getgid(); #if defined(HAVE_SETRESUID) pa_assert_se(setresuid(uid, uid, uid) >= 0); + pa_assert_se(setresgid(gid, gid, gid) >= 0); #elif defined(HAVE_SETREUID) pa_assert_se(setreuid(uid, uid) >= 0); + pa_assert_se(setregid(gid, gid) >= 0); #else pa_assert_se(setuid(uid) >= 0); pa_assert_se(seteuid(uid) >= 0); + pa_assert_se(setgid(gid) >= 0); + pa_assert_se(setegid(gid) >= 0); #endif pa_assert_se(getuid() == uid); pa_assert_se(geteuid() == uid); + pa_assert_se(getgid() == gid); + pa_assert_se(getegid() == gid); #endif #ifdef HAVE_SYS_PRCTL_H @@ -82,7 +87,7 @@ void pa_drop_root(void) { #endif #ifdef HAVE_SYS_CAPABILITY_H - { + if (uid != 0) { cap_t caps; pa_assert_se(caps = cap_init()); pa_assert_se(cap_clear(caps) == 0); diff --git a/src/daemon/daemon-conf.c b/src/daemon/daemon-conf.c index 9010f2f6..9a87b555 100644 --- a/src/daemon/daemon-conf.c +++ b/src/daemon/daemon-conf.c @@ -441,11 +441,15 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) { { "high-priority", pa_config_parse_bool, &c->high_priority, NULL }, { "realtime-scheduling", pa_config_parse_bool, &c->realtime_scheduling, NULL }, { "disallow-module-loading", pa_config_parse_bool, &c->disallow_module_loading, NULL }, + { "allow-module-loading", pa_config_parse_not_bool, &c->disallow_module_loading, NULL }, { "disallow-exit", pa_config_parse_bool, &c->disallow_exit, NULL }, + { "allow-exit", pa_config_parse_not_bool, &c->disallow_exit, NULL }, { "use-pid-file", pa_config_parse_bool, &c->use_pid_file, NULL }, { "system-instance", pa_config_parse_bool, &c->system_instance, NULL }, { "no-cpu-limit", pa_config_parse_bool, &c->no_cpu_limit, NULL }, + { "cpu-limit", pa_config_parse_not_bool, &c->no_cpu_limit, NULL }, { "disable-shm", pa_config_parse_bool, &c->disable_shm, NULL }, + { "enable-shm", pa_config_parse_not_bool, &c->disable_shm, NULL }, { "flat-volumes", pa_config_parse_bool, &c->flat_volumes, NULL }, { "lock-memory", pa_config_parse_bool, &c->lock_memory, NULL }, { "exit-idle-time", pa_config_parse_int, &c->exit_idle_time, NULL }, @@ -465,7 +469,9 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) { { "default-fragment-size-msec", parse_fragment_size_msec, c, NULL }, { "nice-level", parse_nice_level, c, NULL }, { "disable-remixing", pa_config_parse_bool, &c->disable_remixing, NULL }, + { "enable-remixing", pa_config_parse_not_bool, &c->disable_remixing, NULL }, { "disable-lfe-remixing", pa_config_parse_bool, &c->disable_lfe_remixing, NULL }, + { "enable-lfe-remixing", pa_config_parse_not_bool, &c->disable_lfe_remixing, NULL }, { "load-default-script-file", pa_config_parse_bool, &c->load_default_script_file, NULL }, { "shm-size-bytes", pa_config_parse_size, &c->shm_size, NULL }, { "log-meta", pa_config_parse_bool, &c->log_meta, NULL }, @@ -623,12 +629,12 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) { pa_strbuf_printf(s, "nice-level = %i\n", c->nice_level); pa_strbuf_printf(s, "realtime-scheduling = %s\n", pa_yes_no(c->realtime_scheduling)); pa_strbuf_printf(s, "realtime-priority = %i\n", c->realtime_priority); - pa_strbuf_printf(s, "disallow-module-loading = %s\n", pa_yes_no(c->disallow_module_loading)); - pa_strbuf_printf(s, "disallow-exit = %s\n", pa_yes_no(c->disallow_exit)); + pa_strbuf_printf(s, "allow-module-loading = %s\n", pa_yes_no(!c->disallow_module_loading)); + pa_strbuf_printf(s, "allow-exit = %s\n", pa_yes_no(!c->disallow_exit)); pa_strbuf_printf(s, "use-pid-file = %s\n", pa_yes_no(c->use_pid_file)); pa_strbuf_printf(s, "system-instance = %s\n", pa_yes_no(c->system_instance)); - pa_strbuf_printf(s, "no-cpu-limit = %s\n", pa_yes_no(c->no_cpu_limit)); - pa_strbuf_printf(s, "disable-shm = %s\n", pa_yes_no(c->disable_shm)); + pa_strbuf_printf(s, "cpu-limit = %s\n", pa_yes_no(!c->no_cpu_limit)); + pa_strbuf_printf(s, "enable-shm = %s\n", pa_yes_no(!c->disable_shm)); pa_strbuf_printf(s, "flat-volumes = %s\n", pa_yes_no(c->flat_volumes)); pa_strbuf_printf(s, "lock-memory = %s\n", pa_yes_no(c->lock_memory)); pa_strbuf_printf(s, "exit-idle-time = %i\n", c->exit_idle_time); @@ -639,8 +645,8 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) { pa_strbuf_printf(s, "log-target = %s\n", c->auto_log_target ? "auto" : (c->log_target == PA_LOG_SYSLOG ? "syslog" : "stderr")); pa_strbuf_printf(s, "log-level = %s\n", log_level_to_string[c->log_level]); pa_strbuf_printf(s, "resample-method = %s\n", pa_resample_method_to_string(c->resample_method)); - pa_strbuf_printf(s, "disable-remixing = %s\n", pa_yes_no(c->disable_remixing)); - pa_strbuf_printf(s, "disable-lfe-remixing = %s\n", pa_yes_no(c->disable_lfe_remixing)); + pa_strbuf_printf(s, "enable-remixing = %s\n", pa_yes_no(!c->disable_remixing)); + pa_strbuf_printf(s, "enable-lfe-remixing = %s\n", pa_yes_no(!c->disable_lfe_remixing)); pa_strbuf_printf(s, "default-sample-format = %s\n", pa_sample_format_to_string(c->default_sample_spec.format)); pa_strbuf_printf(s, "default-sample-rate = %u\n", c->default_sample_spec.rate); pa_strbuf_printf(s, "default-sample-channels = %u\n", c->default_sample_spec.channels); diff --git a/src/daemon/daemon.conf.in b/src/daemon/daemon.conf.in index 6931359c..d8b58d8a 100644 --- a/src/daemon/daemon.conf.in +++ b/src/daemon/daemon.conf.in @@ -21,14 +21,14 @@ ; daemonize = no ; fail = yes -; disallow-module-loading = no -; disallow-exit = no +; allow-module-loading = yes +; allow-exit = yes ; use-pid-file = yes ; system-instance = no -; disable-shm = no +; enable-shm = yes ; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB ; lock-memory = no -; no-cpu-limit = no +; cpu-limit = yes ; high-priority = yes ; nice-level = -11 @@ -51,8 +51,8 @@ ; log-backtrace = 0 ; resample-method = speex-float-3 -; disable-remixing = no -; disable-lfe-remixing = yes +; enable-remixing = yes +; enable-lfe-remixing = no ; flat-volumes = yes diff --git a/src/daemon/main.c b/src/daemon/main.c index 7a951954..8521e720 100644 --- a/src/daemon/main.c +++ b/src/daemon/main.c @@ -65,10 +65,6 @@ #include <dbus/dbus.h> #endif -#ifdef __linux__ -#include <sys/personality.h> -#endif - #include <pulse/mainloop.h> #include <pulse/mainloop-signal.h> #include <pulse/timeval.h> @@ -446,15 +442,12 @@ int main(int argc, char *argv[]) { * context we have been started. Let's cleanup our execution * context as good as possible */ -#ifdef __linux__ - if (personality(PER_LINUX) < 0) - pa_log_warn("Uh, personality() failed: %s", pa_cstrerror(errno)); -#endif - + pa_reset_personality(); pa_drop_root(); pa_close_all(passed_fd, -1); pa_reset_sigs(-1); pa_unblock_sigs(-1); + pa_reset_priority(); setlocale(LC_ALL, ""); pa_init_i18n(); diff --git a/src/daemon/pulseaudio-system.conf b/src/daemon/pulseaudio-system.conf new file mode 100644 index 00000000..edddaf93 --- /dev/null +++ b/src/daemon/pulseaudio-system.conf @@ -0,0 +1,37 @@ +<?xml version="1.0"?><!--*-nxml-*--> +<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> + +<!-- +This file is part of PulseAudio. + +PulseAudio is free software; you can redistribute it and/or modify it +under the terms of the GNU Lesser General Public License as +published by the Free Software Foundation; either version 2.1 of the +License, or (at your option) any later version. + +PulseAudio is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General +Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with PulseAudio; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 +USA. +--> + +<busconfig> + + <!-- System-wide PulseAudio runs as 'pulse' user. This fragment is + not necessary for user PulseAudio instances. --> + + <policy user="pulse"> + <allow own="org.pulseaudio.Server"/> + + <!-- Allow pulseaudio to talk to HAL for device detection --> + <allow send_destination="org.freedesktop.Hal" send_interface="org.freedesktop.Hal.Manager"/> + <allow send_destination="org.freedesktop.Hal" send_interface="org.freedesktop.Hal.Device"/> + </policy> + +</busconfig> |