summaryrefslogtreecommitdiffstats
path: root/src/daemon
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon')
-rw-r--r--src/daemon/caps.c15
-rw-r--r--src/daemon/cmdline.c5
-rw-r--r--src/daemon/daemon-conf.c40
-rw-r--r--src/daemon/daemon.conf.in12
-rw-r--r--src/daemon/main.c66
-rw-r--r--src/daemon/polkit.c172
-rw-r--r--src/daemon/polkit.h27
-rw-r--r--src/daemon/pulseaudio-system.conf37
8 files changed, 140 insertions, 234 deletions
diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 294be494..76b62e03 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -57,24 +57,29 @@ void pa_drop_root(void) {
#ifdef HAVE_GETUID
uid_t uid;
+ gid_t gid;
+ pa_log_debug(_("Cleaning up privileges."));
uid = getuid();
- if (uid == 0 || geteuid() != 0)
- return;
-
- pa_log_info(_("Dropping root privileges."));
+ gid = getgid();
#if defined(HAVE_SETRESUID)
pa_assert_se(setresuid(uid, uid, uid) >= 0);
+ pa_assert_se(setresgid(gid, gid, gid) >= 0);
#elif defined(HAVE_SETREUID)
pa_assert_se(setreuid(uid, uid) >= 0);
+ pa_assert_se(setregid(gid, gid) >= 0);
#else
pa_assert_se(setuid(uid) >= 0);
pa_assert_se(seteuid(uid) >= 0);
+ pa_assert_se(setgid(gid) >= 0);
+ pa_assert_se(setegid(gid) >= 0);
#endif
pa_assert_se(getuid() == uid);
pa_assert_se(geteuid() == uid);
+ pa_assert_se(getgid() == gid);
+ pa_assert_se(getegid() == gid);
#endif
#ifdef HAVE_SYS_PRCTL_H
@@ -82,7 +87,7 @@ void pa_drop_root(void) {
#endif
#ifdef HAVE_SYS_CAPABILITY_H
- {
+ if (uid != 0) {
cap_t caps;
pa_assert_se(caps = cap_init());
pa_assert_se(cap_clear(caps) == 0);
diff --git a/src/daemon/cmdline.c b/src/daemon/cmdline.c
index ecb38486..f6cdcdc8 100644
--- a/src/daemon/cmdline.c
+++ b/src/daemon/cmdline.c
@@ -385,11 +385,6 @@ int pa_cmdline_parse(pa_daemon_conf *conf, int argc, char *const argv [], int *d
pa_xfree(conf->script_commands);
conf->script_commands = pa_strbuf_tostring_free(buf);
- if (!conf->script_commands) {
- pa_xfree(conf->script_commands);
- conf->script_commands = NULL;
- }
-
*d = optind;
return 0;
diff --git a/src/daemon/daemon-conf.c b/src/daemon/daemon-conf.c
index 9010f2f6..6e7926f8 100644
--- a/src/daemon/daemon-conf.c
+++ b/src/daemon/daemon-conf.c
@@ -83,7 +83,7 @@ static const pa_daemon_conf default_conf = {
.config_file = NULL,
.use_pid_file = TRUE,
.system_instance = FALSE,
- .no_cpu_limit = FALSE,
+ .no_cpu_limit = TRUE,
.disable_shm = FALSE,
.lock_memory = FALSE,
.default_n_fragments = 4,
@@ -133,9 +133,25 @@ static const pa_daemon_conf default_conf = {
};
pa_daemon_conf* pa_daemon_conf_new(void) {
- pa_daemon_conf *c = pa_xnewdup(pa_daemon_conf, &default_conf, 1);
+ pa_daemon_conf *c;
+
+ c = pa_xnewdup(pa_daemon_conf, &default_conf, 1);
+
+#if defined(__linux__) && !defined(__OPTIMIZE__)
+
+ /* We abuse __OPTIMIZE__ as a check whether we are a debug build
+ * or not. If we are and are run from the build tree then we
+ * override the search path to point to our build tree */
+
+ if (pa_run_from_build_tree()) {
+ pa_log_notice("Detected that we are run from the build tree, fixing search path.");
+ c->dl_search_path = pa_xstrdup(PA_BUILDDIR "/.libs/");
+
+ } else
+
+#endif
+ c->dl_search_path = pa_xstrdup(PA_DLSEARCHPATH);
- c->dl_search_path = pa_xstrdup(PA_DLSEARCHPATH);
return c;
}
@@ -441,11 +457,15 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
{ "high-priority", pa_config_parse_bool, &c->high_priority, NULL },
{ "realtime-scheduling", pa_config_parse_bool, &c->realtime_scheduling, NULL },
{ "disallow-module-loading", pa_config_parse_bool, &c->disallow_module_loading, NULL },
+ { "allow-module-loading", pa_config_parse_not_bool, &c->disallow_module_loading, NULL },
{ "disallow-exit", pa_config_parse_bool, &c->disallow_exit, NULL },
+ { "allow-exit", pa_config_parse_not_bool, &c->disallow_exit, NULL },
{ "use-pid-file", pa_config_parse_bool, &c->use_pid_file, NULL },
{ "system-instance", pa_config_parse_bool, &c->system_instance, NULL },
{ "no-cpu-limit", pa_config_parse_bool, &c->no_cpu_limit, NULL },
+ { "cpu-limit", pa_config_parse_not_bool, &c->no_cpu_limit, NULL },
{ "disable-shm", pa_config_parse_bool, &c->disable_shm, NULL },
+ { "enable-shm", pa_config_parse_not_bool, &c->disable_shm, NULL },
{ "flat-volumes", pa_config_parse_bool, &c->flat_volumes, NULL },
{ "lock-memory", pa_config_parse_bool, &c->lock_memory, NULL },
{ "exit-idle-time", pa_config_parse_int, &c->exit_idle_time, NULL },
@@ -465,7 +485,9 @@ int pa_daemon_conf_load(pa_daemon_conf *c, const char *filename) {
{ "default-fragment-size-msec", parse_fragment_size_msec, c, NULL },
{ "nice-level", parse_nice_level, c, NULL },
{ "disable-remixing", pa_config_parse_bool, &c->disable_remixing, NULL },
+ { "enable-remixing", pa_config_parse_not_bool, &c->disable_remixing, NULL },
{ "disable-lfe-remixing", pa_config_parse_bool, &c->disable_lfe_remixing, NULL },
+ { "enable-lfe-remixing", pa_config_parse_not_bool, &c->disable_lfe_remixing, NULL },
{ "load-default-script-file", pa_config_parse_bool, &c->load_default_script_file, NULL },
{ "shm-size-bytes", pa_config_parse_size, &c->shm_size, NULL },
{ "log-meta", pa_config_parse_bool, &c->log_meta, NULL },
@@ -623,12 +645,12 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) {
pa_strbuf_printf(s, "nice-level = %i\n", c->nice_level);
pa_strbuf_printf(s, "realtime-scheduling = %s\n", pa_yes_no(c->realtime_scheduling));
pa_strbuf_printf(s, "realtime-priority = %i\n", c->realtime_priority);
- pa_strbuf_printf(s, "disallow-module-loading = %s\n", pa_yes_no(c->disallow_module_loading));
- pa_strbuf_printf(s, "disallow-exit = %s\n", pa_yes_no(c->disallow_exit));
+ pa_strbuf_printf(s, "allow-module-loading = %s\n", pa_yes_no(!c->disallow_module_loading));
+ pa_strbuf_printf(s, "allow-exit = %s\n", pa_yes_no(!c->disallow_exit));
pa_strbuf_printf(s, "use-pid-file = %s\n", pa_yes_no(c->use_pid_file));
pa_strbuf_printf(s, "system-instance = %s\n", pa_yes_no(c->system_instance));
- pa_strbuf_printf(s, "no-cpu-limit = %s\n", pa_yes_no(c->no_cpu_limit));
- pa_strbuf_printf(s, "disable-shm = %s\n", pa_yes_no(c->disable_shm));
+ pa_strbuf_printf(s, "cpu-limit = %s\n", pa_yes_no(!c->no_cpu_limit));
+ pa_strbuf_printf(s, "enable-shm = %s\n", pa_yes_no(!c->disable_shm));
pa_strbuf_printf(s, "flat-volumes = %s\n", pa_yes_no(c->flat_volumes));
pa_strbuf_printf(s, "lock-memory = %s\n", pa_yes_no(c->lock_memory));
pa_strbuf_printf(s, "exit-idle-time = %i\n", c->exit_idle_time);
@@ -639,8 +661,8 @@ char *pa_daemon_conf_dump(pa_daemon_conf *c) {
pa_strbuf_printf(s, "log-target = %s\n", c->auto_log_target ? "auto" : (c->log_target == PA_LOG_SYSLOG ? "syslog" : "stderr"));
pa_strbuf_printf(s, "log-level = %s\n", log_level_to_string[c->log_level]);
pa_strbuf_printf(s, "resample-method = %s\n", pa_resample_method_to_string(c->resample_method));
- pa_strbuf_printf(s, "disable-remixing = %s\n", pa_yes_no(c->disable_remixing));
- pa_strbuf_printf(s, "disable-lfe-remixing = %s\n", pa_yes_no(c->disable_lfe_remixing));
+ pa_strbuf_printf(s, "enable-remixing = %s\n", pa_yes_no(!c->disable_remixing));
+ pa_strbuf_printf(s, "enable-lfe-remixing = %s\n", pa_yes_no(!c->disable_lfe_remixing));
pa_strbuf_printf(s, "default-sample-format = %s\n", pa_sample_format_to_string(c->default_sample_spec.format));
pa_strbuf_printf(s, "default-sample-rate = %u\n", c->default_sample_spec.rate);
pa_strbuf_printf(s, "default-sample-channels = %u\n", c->default_sample_spec.channels);
diff --git a/src/daemon/daemon.conf.in b/src/daemon/daemon.conf.in
index 6931359c..db2059e1 100644
--- a/src/daemon/daemon.conf.in
+++ b/src/daemon/daemon.conf.in
@@ -21,14 +21,14 @@
; daemonize = no
; fail = yes
-; disallow-module-loading = no
-; disallow-exit = no
+; allow-module-loading = yes
+; allow-exit = yes
; use-pid-file = yes
; system-instance = no
-; disable-shm = no
+; enable-shm = yes
; shm-size-bytes = 0 # setting this 0 will use the system-default, usually 64 MiB
; lock-memory = no
-; no-cpu-limit = no
+; cpu-limit = no
; high-priority = yes
; nice-level = -11
@@ -51,8 +51,8 @@
; log-backtrace = 0
; resample-method = speex-float-3
-; disable-remixing = no
-; disable-lfe-remixing = yes
+; enable-remixing = yes
+; enable-lfe-remixing = no
; flat-volumes = yes
diff --git a/src/daemon/main.c b/src/daemon/main.c
index 0f6fc907..af59adef 100644
--- a/src/daemon/main.c
+++ b/src/daemon/main.c
@@ -39,8 +39,6 @@
#include <sys/types.h>
#include <sys/stat.h>
-#include <liboil/liboil.h>
-
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
@@ -95,6 +93,8 @@
#ifdef HAVE_DBUS
#include <pulsecore/dbus-shared.h>
#endif
+#include <pulsecore/cpu-arm.h>
+#include <pulsecore/cpu-x86.h>
#include "cmdline.h"
#include "cpulimit.h"
@@ -109,7 +109,7 @@ int allow_severity = LOG_INFO;
int deny_severity = LOG_WARNING;
#endif
-#ifdef HAVE_OSS
+#ifdef HAVE_OSS_WRAPPER
/* padsp looks for this symbol in the running process and disables
* itself if it finds it and it is set to 7 (which is actually a bit
* mask). For details see padsp. */
@@ -259,9 +259,14 @@ static int change_user(void) {
pa_set_env("HOME", PA_SYSTEM_RUNTIME_PATH);
/* Relevant for pa_runtime_path() */
- pa_set_env("PULSE_RUNTIME_PATH", PA_SYSTEM_RUNTIME_PATH);
- pa_set_env("PULSE_CONFIG_PATH", PA_SYSTEM_CONFIG_PATH);
- pa_set_env("PULSE_STATE_PATH", PA_SYSTEM_STATE_PATH);
+ if (!getenv("PULSE_RUNTIME_PATH"))
+ pa_set_env("PULSE_RUNTIME_PATH", PA_SYSTEM_RUNTIME_PATH);
+
+ if (!getenv("PULSE_CONFIG_PATH"))
+ pa_set_env("PULSE_CONFIG_PATH", PA_SYSTEM_CONFIG_PATH);
+
+ if (!getenv("PULSE_STATE_PATH"))
+ pa_set_env("PULSE_STATE_PATH", PA_SYSTEM_STATE_PATH);
pa_log_info(_("Successfully dropped root privileges."));
@@ -401,6 +406,36 @@ int main(int argc, char *argv[]) {
pa_log_set_level(PA_LOG_NOTICE);
pa_log_set_flags(PA_LOG_COLORS|PA_LOG_PRINT_FILE|PA_LOG_PRINT_LEVEL, PA_LOG_RESET);
+#if defined(__linux__) && defined(__OPTIMIZE__)
+ /*
+ Disable lazy relocations to make usage of external libraries
+ more deterministic for our RT threads. We abuse __OPTIMIZE__ as
+ a check whether we are a debug build or not. This all is
+ admittedly a bit snake-oilish.
+ */
+
+ if (!getenv("LD_BIND_NOW")) {
+ char *rp;
+
+ /* We have to execute ourselves, because the libc caches the
+ * value of $LD_BIND_NOW on initialization. */
+
+ pa_set_env("LD_BIND_NOW", "1");
+
+ if ((rp = pa_readlink("/proc/self/exe"))) {
+
+ if (pa_streq(rp, PA_BINARY))
+ pa_assert_se(execv(rp, argv) == 0);
+ else
+ pa_log_warn("/proc/self/exe does not point to " PA_BINARY ", cannot self execute. Are you playing games?");
+
+ pa_xfree(rp);
+
+ } else
+ pa_log_warn("Couldn't read /proc/self/exe, cannot self execute. Running in a chroot()?");
+ }
+#endif
+
if ((e = getenv("PULSE_PASSED_FD"))) {
passed_fd = atoi(e);
@@ -411,10 +446,13 @@ int main(int argc, char *argv[]) {
/* We might be autospawned, in which case have no idea in which
* context we have been started. Let's cleanup our execution
* context as good as possible */
+
+ pa_reset_personality();
pa_drop_root();
pa_close_all(passed_fd, -1);
pa_reset_sigs(-1);
pa_unblock_sigs(-1);
+ pa_reset_priority();
setlocale(LC_ALL, "");
pa_init_i18n();
@@ -668,7 +706,7 @@ int main(int argc, char *argv[]) {
#endif
}
- pa_set_env("PULSE_INTERNAL", "1");
+ pa_set_env_and_record("PULSE_INTERNAL", "1");
pa_assert_se(chdir("/") == 0);
umask(0022);
@@ -683,7 +721,7 @@ int main(int argc, char *argv[]) {
if (change_user() < 0)
goto finish;
- pa_set_env("PULSE_SYSTEM", conf->system_instance ? "1" : "0");
+ pa_set_env_and_record("PULSE_SYSTEM", conf->system_instance ? "1" : "0");
pa_log_info(_("This is PulseAudio %s"), PACKAGE_VERSION);
pa_log_debug(_("Compilation host: %s"), CANONICAL_HOST);
@@ -741,6 +779,8 @@ int main(int argc, char *argv[]) {
pa_log_info(_("Using state directory %s."), s);
pa_xfree(s);
+ pa_log_info(_("Using modules directory %s."), conf->dl_search_path);
+
pa_log_info(_("Running in system mode: %s"), pa_yes_no(pa_in_system_mode()));
if (pa_in_system_mode())
@@ -788,6 +828,11 @@ int main(int argc, char *argv[]) {
pa_memtrap_install();
+ if (!getenv("PULSE_NO_SIMD")) {
+ pa_cpu_init_x86();
+ pa_cpu_init_arm();
+ }
+
pa_assert_se(mainloop = pa_mainloop_new());
if (!(c = pa_core_new(pa_mainloop_get_api(mainloop), !conf->disable_shm, conf->shm_size))) {
@@ -827,8 +872,6 @@ int main(int argc, char *argv[]) {
win32_timer = pa_mainloop_get_api(mainloop)->rtclock_time_new(pa_mainloop_get_api(mainloop), pa_gettimeofday(&win32_tv), message_cb, NULL);
#endif
- oil_init();
-
if (!conf->no_cpu_limit)
pa_assert_se(pa_cpu_limit_init(pa_mainloop_get_api(mainloop)) == 0);
@@ -927,6 +970,9 @@ finish:
if (valid_pid_file)
pa_pid_file_remove();
+ /* This has no real purpose except making things valgrind-clean */
+ pa_unset_env_recorded();
+
#ifdef OS_IS_WIN32
WSACleanup();
#endif
diff --git a/src/daemon/polkit.c b/src/daemon/polkit.c
deleted file mode 100644
index 9799e094..00000000
--- a/src/daemon/polkit.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/***
- This file is part of PulseAudio.
-
- Copyright 2004-2006 Lennart Poettering
- Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
-
- PulseAudio is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published
- by the Free Software Foundation; either version 2.1 of the License,
- or (at your option) any later version.
-
- PulseAudio is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with PulseAudio; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- USA.
-***/
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <inttypes.h>
-
-#include <dbus/dbus.h>
-#include <polkit-dbus/polkit-dbus.h>
-
-#include <pulse/i18n.h>
-
-#include <pulsecore/log.h>
-#include <pulsecore/macro.h>
-
-#include "polkit.h"
-
-int pa_polkit_check(const char *action_id) {
- int ret = -1;
- DBusError dbus_error;
- DBusConnection *bus = NULL;
- PolKitCaller *caller = NULL;
- PolKitAction *action = NULL;
- PolKitContext *context = NULL;
- PolKitError *polkit_error = NULL;
- PolKitSession *session = NULL;
- PolKitResult polkit_result;
-
- dbus_error_init(&dbus_error);
-
- if (!(bus = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error))) {
- pa_log_error(_("Cannot connect to system bus: %s"), dbus_error.message);
- goto finish;
- }
-
- /* There seems to be a bug in some versions of D-Bus that causes
- * dbus_shutdown() to call exit() when a connection without this
- * flag disabled was created during runtime.*/
- dbus_connection_set_exit_on_disconnect(bus, FALSE);
-
- if (!(caller = polkit_caller_new_from_pid(bus, getpid(), &dbus_error))) {
- pa_log_error(_("Cannot get caller from PID: %s"), dbus_error.message);
- goto finish;
- }
-
- /* This function is called when PulseAudio is called SUID root. We
- * want to authenticate the real user that called us and not the
- * effective user we gained through being SUID root. Hence we
- * overwrite the UID caller data here explicitly, just for
- * paranoia. In fact PolicyKit should fill in the UID here anyway
- * -- an not the EUID or any other user id. */
-
- if (!(polkit_caller_set_uid(caller, getuid()))) {
- pa_log_error(_("Cannot set UID on caller object."));
- goto finish;
- }
-
- if (!(polkit_caller_get_ck_session(caller, &session))) {
- pa_log_error(_("Failed to get CK session."));
- goto finish;
- }
-
- /* We need to overwrite the UID in both the caller and the session
- * object */
-
- if (!(polkit_session_set_uid(session, getuid()))) {
- pa_log_error(_("Cannot set UID on session object."));
- goto finish;
- }
-
- if (!(action = polkit_action_new())) {
- pa_log_error(_("Cannot allocate PolKitAction."));
- goto finish;
- }
-
- if (!polkit_action_set_action_id(action, action_id)) {
- pa_log_error(_("Cannot set action_id"));
- goto finish;
- }
-
- if (!(context = polkit_context_new())) {
- pa_log_error(_("Cannot allocate PolKitContext."));
- goto finish;
- }
-
- if (!polkit_context_init(context, &polkit_error)) {
- pa_log_error(_("Cannot initialize PolKitContext: %s"), polkit_error_get_error_message(polkit_error));
- goto finish;
- }
-
- for (;;) {
-
- polkit_result = polkit_context_is_caller_authorized(context, action, caller, TRUE, &polkit_error);
-
- if (polkit_error_is_set(polkit_error)) {
- pa_log_error(_("Could not determine whether caller is authorized: %s"), polkit_error_get_error_message(polkit_error));
- goto finish;
- }
-
- if (polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_SESSION ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_KEEP_ALWAYS ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_ADMIN_AUTH_ONE_SHOT ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_SESSION ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_KEEP_ALWAYS ||
- polkit_result == POLKIT_RESULT_ONLY_VIA_SELF_AUTH_ONE_SHOT
- ) {
-
- if (polkit_auth_obtain(action_id, 0, getpid(), &dbus_error)) {
- polkit_result = POLKIT_RESULT_YES;
- break;
- }
-
- if (dbus_error_is_set(&dbus_error)) {
- pa_log_error(_("Cannot obtain auth: %s"), dbus_error.message);
- goto finish;
- }
- }
-
- break;
- }
-
- if (polkit_result != POLKIT_RESULT_YES && polkit_result != POLKIT_RESULT_NO)
- pa_log_warn(_("PolicyKit responded with '%s'"), polkit_result_to_string_representation(polkit_result));
-
- ret = polkit_result == POLKIT_RESULT_YES;
-
-finish:
-
- if (caller)
- polkit_caller_unref(caller);
-
- if (action)
- polkit_action_unref(action);
-
- if (context)
- polkit_context_unref(context);
-
- if (bus)
- dbus_connection_unref(bus);
-
- dbus_error_free(&dbus_error);
-
- if (polkit_error)
- polkit_error_free(polkit_error);
-
- return ret;
-}
diff --git a/src/daemon/polkit.h b/src/daemon/polkit.h
deleted file mode 100644
index 018f6ef1..00000000
--- a/src/daemon/polkit.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#ifndef foopolkithfoo
-#define foopolkithfoo
-
-/***
- This file is part of PulseAudio.
-
- Copyright 2007 Lennart Poettering
-
- PulseAudio is free software; you can redistribute it and/or modify
- it under the terms of the GNU Lesser General Public License as published
- by the Free Software Foundation; either version 2.1 of the License,
- or (at your option) any later version.
-
- PulseAudio is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with PulseAudio; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
- USA.
-***/
-
-int pa_polkit_check(const char *action);
-
-#endif
diff --git a/src/daemon/pulseaudio-system.conf b/src/daemon/pulseaudio-system.conf
new file mode 100644
index 00000000..edddaf93
--- /dev/null
+++ b/src/daemon/pulseaudio-system.conf
@@ -0,0 +1,37 @@
+<?xml version="1.0"?><!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<!--
+This file is part of PulseAudio.
+
+PulseAudio is free software; you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as
+published by the Free Software Foundation; either version 2.1 of the
+License, or (at your option) any later version.
+
+PulseAudio is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
+Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with PulseAudio; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+USA.
+-->
+
+<busconfig>
+
+ <!-- System-wide PulseAudio runs as 'pulse' user. This fragment is
+ not necessary for user PulseAudio instances. -->
+
+ <policy user="pulse">
+ <allow own="org.pulseaudio.Server"/>
+
+ <!-- Allow pulseaudio to talk to HAL for device detection -->
+ <allow send_destination="org.freedesktop.Hal" send_interface="org.freedesktop.Hal.Manager"/>
+ <allow send_destination="org.freedesktop.Hal" send_interface="org.freedesktop.Hal.Device"/>
+ </policy>
+
+</busconfig>
generated by cgit (git 2.34.1) at 2025-07-10 03:25:37 +0000