Re: What is the policy on audio group? and, proposal of a new group for the jack audio server
On Mon, 10 Nov 2014 11:08:38 +0000, Simon McVittie wrote:
> On 10/11/14 02:59, Christian Hofstaedtler wrote:
>> I vaguely remember PolicyKit being involved in the daemon situation,
>> when mpd tries to talk to a pulseaudio server which magically gets
>> spawned
>
> PolicyKit is typically (only?) used when a less-privileged process,
> typically a user interface, communicates with a more-privileged service.
> It's possible that something PK-related is going on, but I can't
> immediately see any reason why either mpd or PulseAudio would want to
> interact with it: both normally run with an ordinary user's privileges.
>
> The typical scenario is:
>
> * I tell NetworkManager to connect to a wireless network
> (or tell some other privileged service to do some other action)
>
> * NetworkManager (or other privileged service) asks PolicyKit "is it OK
> to let smcv do this?"
>
> * PolicyKit consults its sysadmin-, distro- or upstream-supplied
> policies, checks the facts relevant to those policies (I am in
> some groups, I am actively logged-in locally), optionally asks me
> for my password to confirm that I am actually present, and replies
> "yes" or "no"
I'm not sure if it is PolicyKit or a related service (old documentation
suggests it was ConsoleKit, nowadays it should be logind?), but /dev/snd/
* get ACLs added for the currently logged in users:
% getfacl /dev/snd/controlC0
getfacl: Removing leading '/' from absolute path names
# file: dev/snd/controlC0
# owner: root
# group: audio
user::rw-
user:felipe:rw-
group::rw-
mask::rw-
other::---
Thus any user (not on the audio group) process will not have access to
the audio device until that user is on a physical terminal.
AFAICT, pulseaudio does not talk directly to polkitd.
--
Saludos,
Felipe Sateler
Reply to: