Re: [systemd-devel] How to change XDG_RUNTIME_DIR permissions
On Mon, Apr 9, 2018, 21:35 Simon McVittie wrote:

> On Mon, 09 Apr 2018 at 17:27:10 +, john terragon wrote:
> > created by the logind service. I want to make the socket of the pulseaudio
> > server of one particular user available to all the others.
>
> This is basically PulseAudio system-wide mode:
>
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/
> https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/WhatIsWrongWithSystemWide/
>
> ... except worse, because instead of potentially being able to escalate
> privileges to a dedicated system uid that runs the PulseAudio system
> server, you can potentially escalate privileges to the account of
> another user.
>
> I would suggest using the system-wide mode instead: it's a bad idea
> for all the reasons listed in the link above, but seems less bad than
> reinventing it via a user's account.

Except for the shared memory part, which I seem to remember has finally been solved using memfd sealing?

--
Mantas Mikulėnas
Sent from my phone

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] How to change XDG_RUNTIME_DIR permissions
On Mon, 09 Apr 2018 at 17:27:10 +, john terragon wrote:

> created by the logind service. I want to make the socket of the pulseaudio
> server of one particular user available to all the others.

This is basically PulseAudio system-wide mode:

https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/SystemWide/
https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/WhatIsWrongWithSystemWide/

... except worse, because instead of potentially being able to escalate
privileges to a dedicated system uid that runs the PulseAudio system
server, you can potentially escalate privileges to the account of
another user.

I would suggest using the system-wide mode instead: it's a bad idea
for all the reasons listed in the link above, but seems less bad than
reinventing it via a user's account.

smcv

[systemd-devel] How to change XDG_RUNTIME_DIR permissions
Hi.

As far as I understand, the XDG_RUNTIME_DIR (in Debian it's /run/user/) is created by the logind service. I want to make the socket of the pulseaudio server of one particular user available to all the others. In Debian that socket is in $XDG_RUNTIME_DIR/pulse/.

The problem is that $XDG_RUNTIME_DIR is created with 700 and even if I change (after it's been created) the permissions to 711, they are automatically changed back to 700 after a few seconds (security feature?).

Is there a way to specify to logind (if that is indeed the service responsible) the permissions with which $XDG_RUNTIME_DIR should be created?

Thanks

John.
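
An added example, not part of any message in this thread: a small audit that flags per-user runtime directories whose owner or mode differs from what the XDG Base Directory specification requires (owned by the user, mode 0700). It assumes the layout mentioned above, one directory per numeric UID under `/run/user`; the function name `audit_runtime_dirs` is made up for this illustration.

```python
import os
import stat
import sys


def audit_runtime_dirs(base="/run/user"):
    """Return (path, problem) tuples for per-user runtime dirs under base.

    Assumption: each runtime directory is named after the numeric UID
    of the user it belongs to, as in the layout described in the thread.
    """
    findings = []
    for name in sorted(os.listdir(base)):
        if not name.isdigit():
            continue  # not a per-UID runtime directory
        path = os.path.join(base, name)
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
        if not stat.S_ISDIR(st.st_mode):
            findings.append((path, "not a directory"))
            continue
        if st.st_uid != int(name):
            findings.append((path, f"owned by uid {st.st_uid}, expected {name}"))
        mode = stat.S_IMODE(st.st_mode)
        if mode != 0o700:
            # e.g. 0711 lets other users traverse into the directory
            findings.append((path, f"mode {mode:04o}, expected 0700"))
    return findings


if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else "/run/user"
    problems = audit_runtime_dirs(base)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```

Run without arguments it checks `/run/user` and exits non-zero if any directory deviates, so it can serve as a periodic check.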