pulseaudio/src/daemon/caps.c

/***
  This file is part of PulseAudio.

  Copyright 2004-2006 Lennart Poettering
  Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB

  PulseAudio is free software; you can redistribute it and/or modify
  it under the terms of the GNU Lesser General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PulseAudio is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with PulseAudio; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  USA.
***/

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <sys/types.h>

#include <pulse/i18n.h>

#include <pulsecore/macro.h>
#include <pulsecore/core-error.h>
#include <pulsecore/log.h>
#include <pulsecore/core-util.h>

#ifdef HAVE_SYS_CAPABILITY_H
#include <sys/capability.h>
#endif
#ifdef HAVE_SYS_PRCTL_H
#include <sys/prctl.h>
#endif

#include "caps.h"

/* Glibc <= 2.2 has broken unistd.h */
#if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2)
int setresgid(gid_t r, gid_t e, gid_t s);
int setresuid(uid_t r, uid_t e, uid_t s);
#endif

#ifdef HAVE_GETUID

/* Drop root rights when called SUID root */
void pa_drop_root(void) {
    uid_t uid = getuid();

    if (uid == 0 || geteuid() != 0)
        return;

    pa_log_info(_("Dropping root privileges."));

#if defined(HAVE_SETRESUID)
    pa_assert_se(setresuid(uid, uid, uid) >= 0);
#elif defined(HAVE_SETREUID)
    pa_assert_se(setreuid(uid, uid) >= 0);
#else
    pa_assert_se(setuid(uid) >= 0);
    pa_assert_se(seteuid(uid) >= 0);
#endif

    pa_assert_se(getuid() == uid);
    pa_assert_se(geteuid() == uid);
}

#else

void pa_drop_root(void) {
}

#endif

#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)

/* Limit permitted capabilities set to CAPSYS_NICE */
void pa_limit_caps(void) {
    cap_t caps;
    cap_value_t nice_cap = CAP_SYS_NICE;

    pa_assert_se(caps = cap_init());
    pa_assert_se(cap_clear(caps) == 0);
    pa_assert_se(cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET) == 0);
    pa_assert_se(cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET) == 0);

    if (cap_set_proc(caps) < 0)
        /* Hmm, so we couldn't limit our caps, which probably means we
         * hadn't any in the first place, so let's just make sure of
         * that */
        pa_drop_caps();
    else
        pa_log_info(_("Limited capabilities successfully to CAP_SYS_NICE."));

    pa_assert_se(cap_free(caps) == 0);

    pa_assert_se(prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == 0);
}

/* Drop all capabilities, effectively becoming a normal user */
void pa_drop_caps(void) {
    cap_t caps;

#ifndef __OPTIMIZE__
    /* Valgrind doesn't not know set_caps, so we bypass it here -- but
     * only in development builds.*/

    if (pa_in_valgrind() && !pa_have_caps())
        return;
#endif

    pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);

    pa_assert_se(caps = cap_init());
    pa_assert_se(cap_clear(caps) == 0);
    pa_assert_se(cap_set_proc(caps) == 0);
    pa_assert_se(cap_free(caps) == 0);

    pa_assert_se(!pa_have_caps());
}

pa_bool_t pa_have_caps(void) {
    cap_t caps;
    cap_flag_value_t flag = CAP_CLEAR;

#ifdef __OPTIMIZE__
    pa_assert_se(caps = cap_get_proc());
#else
    if (!(caps = cap_get_proc()))
        return FALSE;
#endif
    pa_assert_se(cap_get_flag(caps, CAP_SYS_NICE, CAP_EFFECTIVE, &flag) >= 0);
    pa_assert_se(cap_free(caps) == 0);

    return flag == CAP_SET;
}

#else

/* NOOPs in case capabilities are not available. */
void pa_limit_caps(void) {
}

void pa_drop_caps(void) {
    pa_drop_root();
}

pa_bool_t pa_have_caps(void) {
    return FALSE;
}

#endif
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`/***`
big s/polyp/pulse/g git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1033 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-06-19 21:53:48 +00:00			`This file is part of PulseAudio.`
Huge trailing whitespace cleanup. Let's keep the tree pure from here on, mmmkay? git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1418 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-01-04 13:43:45 +00:00
Add copyright notices to all relevant files. (based on svn log) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1426 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-02-13 15:35:19 +00:00			`Copyright 2004-2006 Lennart Poettering`
			`Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB`

big s/polyp/pulse/g git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1033 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-06-19 21:53:48 +00:00			`PulseAudio is free software; you can redistribute it and/or modify`
Make the whole stuff LGPL only git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@284 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-14 14:58:54 +00:00			`it under the terms of the GNU Lesser General Public License as published`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`by the Free Software Foundation; either version 2 of the License,`
			`or (at your option) any later version.`
Huge trailing whitespace cleanup. Let's keep the tree pure from here on, mmmkay? git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1418 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-01-04 13:43:45 +00:00
big s/polyp/pulse/g git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1033 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-06-19 21:53:48 +00:00			`PulseAudio is distributed in the hope that it will be useful, but`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`
Huge trailing whitespace cleanup. Let's keep the tree pure from here on, mmmkay? git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1418 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-01-04 13:43:45 +00:00
Make the whole stuff LGPL only git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@284 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-14 14:58:54 +00:00			`You should have received a copy of the GNU Lesser General Public License`
big s/polyp/pulse/g git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1033 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-06-19 21:53:48 +00:00			`along with PulseAudio; if not, write to the Free Software`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307`
			`USA.`
			`***/`

			`#ifdef HAVE_CONFIG_H`
			`#include <config.h>`
			`#endif`

			`#include <unistd.h>`
			`#include <errno.h>`
			`#include <string.h>`
Move check for SUID into the caps functions. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1119 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-07-20 13:19:16 +00:00			`#include <sys/types.h>`
add i18n support 2008-08-06 18:54:13 +02:00
			`#include <pulse/i18n.h>`

merge 'lennart' branch back into trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1971 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-10-28 19:13:50 +00:00			`#include <pulsecore/macro.h>`
add i18n support 2008-08-06 18:54:13 +02:00			`#include <pulsecore/core-error.h>`
			`#include <pulsecore/log.h>`
add missing inclusion 2008-10-04 01:06:35 +02:00			`#include <pulsecore/core-util.h>`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00
			`#ifdef HAVE_SYS_CAPABILITY_H`
			`#include <sys/capability.h>`
			`#endif`
when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-05-25 20:35:30 +00:00			`#ifdef HAVE_SYS_PRCTL_H`
			`#include <sys/prctl.h>`
			`#endif`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00
			`#include "caps.h"`

glibc <= 2.2 has a broken unistd.h, lacking setresuid(). git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@795 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-04-25 07:13:44 +00:00			`/* Glibc <= 2.2 has broken unistd.h */`
			`#if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2)`
			`int setresgid(gid_t r, gid_t e, gid_t s);`
			`int setresuid(uid_t r, uid_t e, uid_t s);`
			`#endif`

Merge Pierre's changes git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-01-10 17:51:06 +00:00			`#ifdef HAVE_GETUID`

* some commenting work * add new field "read_only" to memory blocks * add new API function pa_context_get_server() * filter capture data through mcalign on client * make module-tunnel use pa_socket_client_new_string() instead of using pa_resolve_server() directly. * remove pa_resolve_server() * remove debug.h and replace it by a macro definition on the gcc command line * some strbuf cleanups * small fixes in pa_stream for cleanup when server dies * new CLI command "load-sample-dir-lazy" * send FQDN as part of server info * rework mcalign, this time with memory block merging * fix iochannel cleanup when connection dies * check getaddrinfo() results git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@286 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-17 00:05:25 +00:00			`/* Drop root rights when called SUID root */`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`void pa_drop_root(void) {`
allow high priority scheduling only for users in group "realtime" git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@238 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 22:42:49 +00:00			`uid_t uid = getuid();`
Huge trailing whitespace cleanup. Let's keep the tree pure from here on, mmmkay? git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1418 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-01-04 13:43:45 +00:00
allow high priority scheduling only for users in group "realtime" git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@238 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 22:42:49 +00:00			`if (uid == 0 \|\| geteuid() != 0)`
			`return;`
Comment some more files git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@309 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-21 21:31:28 +00:00
Fix spelling of privilige 2008-10-19 22:25:58 +02:00			`pa_log_info(_("Dropping root privileges."));`
* use setresuid() instead of setruid() if available * if fix for the non-fp resampler git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@314 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-26 00:07:24 +00:00
			`#if defined(HAVE_SETRESUID)`
Apply the fix for CVE-2008-0008 from 0.9.9 release on trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2102 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-01-24 09:35:50 +00:00			`pa_assert_se(setresuid(uid, uid, uid) >= 0);`
* use setresuid() instead of setruid() if available * if fix for the non-fp resampler git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@314 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-26 00:07:24 +00:00			`#elif defined(HAVE_SETREUID)`
Apply the fix for CVE-2008-0008 from 0.9.9 release on trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2102 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-01-24 09:35:50 +00:00			`pa_assert_se(setreuid(uid, uid) >= 0);`
* use setresuid() instead of setruid() if available * if fix for the non-fp resampler git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@314 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-26 00:07:24 +00:00			`#else`
Apply the fix for CVE-2008-0008 from 0.9.9 release on trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2102 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-01-24 09:35:50 +00:00			`pa_assert_se(setuid(uid) >= 0);`
			`pa_assert_se(seteuid(uid) >= 0);`
* use setresuid() instead of setruid() if available * if fix for the non-fp resampler git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@314 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-26 00:07:24 +00:00			`#endif`
Apply the fix for CVE-2008-0008 from 0.9.9 release on trunk. git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2102 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-01-24 09:35:50 +00:00
			`pa_assert_se(getuid() == uid);`
			`pa_assert_se(geteuid() == uid);`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`}`

Merge Pierre's changes git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2006-01-10 17:51:06 +00:00			`#else`

			`void pa_drop_root(void) {`
			`}`

			`#endif`

when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-05-25 20:35:30 +00:00			`#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_SYS_PRCTL_H)`
allow high priority scheduling only for users in group "realtime" git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@238 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 22:42:49 +00:00
when called with the setid bit change euid to uid sooner to make sure that we can access our own files even when we dropped most capabilities. (Closes #21) git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1455 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-05-25 20:35:30 +00:00			`/* Limit permitted capabilities set to CAPSYS_NICE */`
merge glitch-free branch back into trunk git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-15 23:34:41 +00:00			`void pa_limit_caps(void) {`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`cap_t caps;`
			`cap_value_t nice_cap = CAP_SYS_NICE;`

merge r2193 from prepare-0.9.10 git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2208 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:12:32 +00:00			`pa_assert_se(caps = cap_init());`
merge glitch-free branch back into trunk git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-15 23:34:41 +00:00			`pa_assert_se(cap_clear(caps) == 0);`
			`pa_assert_se(cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET) == 0);`
			`pa_assert_se(cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET) == 0);`
Kill spaces on EOL git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1465 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-05-29 17:24:48 +00:00
support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00			`if (cap_set_proc(caps) < 0)`
			`/* Hmm, so we couldn't limit our caps, which probably means we`
			`* hadn't any in the first place, so let's just make sure of`
			`* that */`
			`pa_drop_caps();`
			`else`
add i18n support 2008-08-06 18:54:13 +02:00			`pa_log_info(_("Limited capabilities successfully to CAP_SYS_NICE."));`
Kill spaces on EOL git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@1465 fefdeb5f-60dc-0310-8127-8f9354f1896f 2007-05-29 17:24:48 +00:00
merge glitch-free branch back into trunk git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-15 23:34:41 +00:00			`pa_assert_se(cap_free(caps) == 0);`
support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00
			`pa_assert_se(prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == 0);`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`}`

* some commenting work * add new field "read_only" to memory blocks * add new API function pa_context_get_server() * filter capture data through mcalign on client * make module-tunnel use pa_socket_client_new_string() instead of using pa_resolve_server() directly. * remove pa_resolve_server() * remove debug.h and replace it by a macro definition on the gcc command line * some strbuf cleanups * small fixes in pa_stream for cleanup when server dies * new CLI command "load-sample-dir-lazy" * send FQDN as part of server info * rework mcalign, this time with memory block merging * fix iochannel cleanup when connection dies * check getaddrinfo() results git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@286 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-17 00:05:25 +00:00			`/* Drop all capabilities, effectively becoming a normal user */`
merge r2193 from prepare-0.9.10 git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2208 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:12:32 +00:00			`void pa_drop_caps(void) {`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`cap_t caps;`

allow running of PA with a valgring that doesn't know cap_set_caps 2008-08-03 16:16:22 +02:00			`#ifndef __OPTIMIZE__`
			`/* Valgrind doesn't not know set_caps, so we bypass it here -- but`
instead of checking for directly use new function pa_in_valgrind() 2008-10-04 00:13:05 +02:00			`* only in development builds.*/`
allow running of PA with a valgring that doesn't know cap_set_caps 2008-08-03 16:16:22 +02:00
instead of checking for directly use new function pa_in_valgrind() 2008-10-04 00:13:05 +02:00			`if (pa_in_valgrind() && !pa_have_caps())`
allow running of PA with a valgring that doesn't know cap_set_caps 2008-08-03 16:16:22 +02:00			`return;`
			`#endif`

merge r2193 from prepare-0.9.10 git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2208 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:12:32 +00:00			`pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00
merge r2193 from prepare-0.9.10 git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2208 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:12:32 +00:00			`pa_assert_se(caps = cap_init());`
merge glitch-free branch back into trunk git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-15 23:34:41 +00:00			`pa_assert_se(cap_clear(caps) == 0);`
merge r2193 from prepare-0.9.10 git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2208 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:12:32 +00:00			`pa_assert_se(cap_set_proc(caps) == 0);`
merge glitch-free branch back into trunk git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2445 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-15 23:34:41 +00:00			`pa_assert_se(cap_free(caps) == 0);`
support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00
			`pa_assert_se(!pa_have_caps());`
			`}`

			`pa_bool_t pa_have_caps(void) {`
			`cap_t caps;`
			`cap_flag_value_t flag = CAP_CLEAR;`

allow running of PA with a valgring that doesn't know cap_set_caps 2008-08-03 16:16:22 +02:00			`#ifdef __OPTIMIZE__`
support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00			`pa_assert_se(caps = cap_get_proc());`
allow running of PA with a valgring that doesn't know cap_set_caps 2008-08-03 16:16:22 +02:00			`#else`
			`if (!(caps = cap_get_proc()))`
			`return FALSE;`
			`#endif`
support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00			`pa_assert_se(cap_get_flag(caps, CAP_SYS_NICE, CAP_EFFECTIVE, &flag) >= 0);`
			`pa_assert_se(cap_free(caps) == 0);`

			`return flag == CAP_SET;`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`}`

			`#else`

* some commenting work * add new field "read_only" to memory blocks * add new API function pa_context_get_server() * filter capture data through mcalign on client * make module-tunnel use pa_socket_client_new_string() instead of using pa_resolve_server() directly. * remove pa_resolve_server() * remove debug.h and replace it by a macro definition on the gcc command line * some strbuf cleanups * small fixes in pa_stream for cleanup when server dies * new CLI command "load-sample-dir-lazy" * send FQDN as part of server info * rework mcalign, this time with memory block merging * fix iochannel cleanup when connection dies * check getaddrinfo() results git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@286 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-11-17 00:05:25 +00:00			`/* NOOPs in case capabilities are not available. */`
fix return value of noop pa_limit_caps() git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2462 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-05-17 10:57:52 +00:00			`void pa_limit_caps(void) {`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`}`

fix caps stuff for crazy people who disable caps git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@2213 fefdeb5f-60dc-0310-8127-8f9354f1896f 2008-03-31 22:24:37 +00:00			`void pa_drop_caps(void) {`
add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`pa_drop_root();`
			`}`

support file-based capabilities instead of SUID root for giving PA rights to acquire RT/HP scheduling: setcap cap_sys_nice=ep /usr/bin/pulseaudio 2008-06-22 01:48:46 +02:00			`pa_bool_t pa_have_caps(void) {`
			`return FALSE;`
			`}`

add support for capabilities git-svn-id: file:///home/lennart/svn/public/pulseaudio/trunk@233 fefdeb5f-60dc-0310-8127-8f9354f1896f 2004-09-23 15:47:11 +00:00			`#endif`