On Mon, 10 Nov 2014 11:08:38 +0000, Simon McVittie wrote: > On 10/11/14 02:59, Christian Hofstaedtler wrote: >> I vaguely remember PolicyKit being involved in the daemon situation, >> when mpd tries to talk to a pulseaudio server which magically gets >> spawned > > PolicyKit is typically (only?) used when a less-privileged process, > typically a user interface, communicates with a more-privileged service. > It's possible that something PK-related is going on, but I can't > immediately see any reason why either mpd or PulseAudio would want to > interact with it: both normally run with an ordinary user's privileges. > > The typical scenario is: > > * I tell NetworkManager to connect to a wireless network > (or tell some other privileged service to do some other action) > > * NetworkManager (or other privileged service) asks PolicyKit "is it OK > to let smcv do this?" > > * PolicyKit consults its sysadmin-, distro- or upstream-supplied > policies, checks the facts relevant to those policies (I am in > some groups, I am actively logged-in locally), optionally asks me > for my password to confirm that I am actually present, and replies > "yes" or "no"
I'm not sure if it is PolicyKit or a related service (old documentation suggests it was ConsoleKit, nowadays it should be logind?), but /dev/snd/ * get ACLs added for the currently logged in users: % getfacl /dev/snd/controlC0 getfacl: Removing leading '/' from absolute path names # file: dev/snd/controlC0 # owner: root # group: audio user::rw- user:felipe:rw- group::rw- mask::rw- other::--- Thus any user (not on the audio group) process will not have access to the audio device until that user is on a physical terminal. AFAICT, pulseaudio does not talk directly to polkitd. -- Saludos, Felipe Sateler -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/m3t1gp$77d$1...@ger.gmane.org