mirror of
https://gitlab.freedesktop.org/pulseaudio/pulseaudio.git
synced 2025-11-03 09:01:50 -05:00
daemon: strip all special suid/caps log from our startup code, we'll now rely on RealtimeKit for all high-priority/RT scheduling policy issues
This commit is contained in:
Lennart Poettering
parent
bacc5ca6f4
commit
9c438bcac6
4 changed files with 31 additions and 285 deletions
|
|
@ -102,7 +102,6 @@
|
|||
#include "dumpmodules.h"
|
||||
#include "caps.h"
|
||||
#include "ltdl-bind-now.h"
|
||||
#include "polkit.h"
|
||||
|
||||
#ifdef HAVE_LIBWRAP
|
||||
/* Only one instance of these variables */
|
||||
|
|
@ -381,9 +380,7 @@ int main(int argc, char *argv[]) {
|
|||
pa_mainloop *mainloop = NULL;
|
||||
char *s;
|
||||
int r = 0, retval = 1, d = 0;
|
||||
pa_bool_t suid_root, real_root;
|
||||
pa_bool_t valid_pid_file = FALSE;
|
||||
gid_t gid = (gid_t) -1;
|
||||
pa_bool_t ltdl_init = FALSE;
|
||||
int passed_fd = -1;
|
||||
const char *e;
|
||||
|
|
@ -426,30 +423,6 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_GETUID
|
||||
real_root = getuid() == 0;
|
||||
suid_root = !real_root && geteuid() == 0;
|
||||
#else
|
||||
real_root = FALSE;
|
||||
suid_root = FALSE;
|
||||
#endif
|
||||
|
||||
if (!real_root) {
|
||||
/* Drop all capabilities except CAP_SYS_NICE */
|
||||
pa_limit_caps();
|
||||
|
||||
/* Drop privileges, but keep CAP_SYS_NICE */
|
||||
pa_drop_root();
|
||||
|
||||
/* After dropping root, the effective set is reset, hence,
|
||||
* let's raise it again */
|
||||
pa_limit_caps();
|
||||
|
||||
/* When capabilities are not supported we will not be able to
|
||||
* acquire RT sched anymore. But yes, that's the way it is. It
|
||||
* is just too risky tun let PA run as root all the time. */
|
||||
}
|
||||
|
||||
if ((e = getenv("PULSE_PASSED_FD"))) {
|
||||
passed_fd = atoi(e);
|
||||
|
||||
|
|
@ -457,15 +430,14 @@ int main(int argc, char *argv[]) {
|
|||
passed_fd = -1;
|
||||
}
|
||||
|
||||
/* We might be autospawned, in which case have no idea in which
|
||||
* context we have been started. Let's cleanup our execution
|
||||
* context as good as possible */
|
||||
pa_drop_root();
|
||||
pa_close_all(passed_fd, -1);
|
||||
|
||||
pa_reset_sigs(-1);
|
||||
pa_unblock_sigs(-1);
|
||||
|
||||
/* At this point, we are a normal user, possibly with CAP_NICE if
|
||||
* we were started SUID. If we are started as normal root, than we
|
||||
* still are normal root. */
|
||||
|
||||
setlocale(LC_ALL, "");
|
||||
pa_init_i18n();
|
||||
|
||||
|
|
@ -490,150 +462,6 @@ int main(int argc, char *argv[]) {
|
|||
pa_log_set_flags(PA_LOG_PRINT_TIME, PA_LOG_SET);
|
||||
pa_log_set_show_backtrace(conf->log_backtrace);
|
||||
|
||||
pa_log_debug("Started as real root: %s, suid root: %s", pa_yes_no(real_root), pa_yes_no(suid_root));
|
||||
|
||||
if (!real_root && pa_have_caps()) {
|
||||
#ifdef HAVE_SYS_RESOURCE_H
|
||||
struct rlimit rl;
|
||||
#endif
|
||||
pa_bool_t allow_high_priority = FALSE, allow_realtime = FALSE;
|
||||
|
||||
/* Let's better not enable high prio or RT by default */
|
||||
|
||||
if (conf->high_priority && !allow_high_priority) {
|
||||
if (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) > 0) {
|
||||
pa_log_info(_("We're in the group '%s', allowing high-priority scheduling."), PA_REALTIME_GROUP);
|
||||
allow_high_priority = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
if (conf->realtime_scheduling && !allow_realtime) {
|
||||
if (pa_own_uid_in_group(PA_REALTIME_GROUP, &gid) > 0) {
|
||||
pa_log_info(_("We're in the group '%s', allowing real-time scheduling."), PA_REALTIME_GROUP);
|
||||
allow_realtime = TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_POLKIT
|
||||
if (conf->high_priority && !allow_high_priority) {
|
||||
if (pa_polkit_check("org.pulseaudio.acquire-high-priority") > 0) {
|
||||
pa_log_info(_("PolicyKit grants us acquire-high-priority privilege."));
|
||||
allow_high_priority = TRUE;
|
||||
} else
|
||||
pa_log_info(_("PolicyKit refuses acquire-high-priority privilege."));
|
||||
}
|
||||
|
||||
if (conf->realtime_scheduling && !allow_realtime) {
|
||||
if (pa_polkit_check("org.pulseaudio.acquire-real-time") > 0) {
|
||||
pa_log_info(_("PolicyKit grants us acquire-real-time privilege."));
|
||||
allow_realtime = TRUE;
|
||||
} else
|
||||
pa_log_info(_("PolicyKit refuses acquire-real-time privilege."));
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!allow_high_priority && !allow_realtime) {
|
||||
|
||||
/* OK, there's no further need to keep CAP_NICE. Hence
|
||||
* let's give it up early */
|
||||
|
||||
pa_drop_caps();
|
||||
}
|
||||
|
||||
#ifdef RLIMIT_RTPRIO
|
||||
if (getrlimit(RLIMIT_RTPRIO, &rl) >= 0)
|
||||
if (rl.rlim_cur > 0) {
|
||||
pa_log_info("RLIMIT_RTPRIO is set to %u, allowing real-time scheduling.", (unsigned) rl.rlim_cur);
|
||||
allow_realtime = TRUE;
|
||||
}
|
||||
#endif
|
||||
#ifdef RLIMIT_NICE
|
||||
if (getrlimit(RLIMIT_NICE, &rl) >= 0)
|
||||
if (rl.rlim_cur > 20 ) {
|
||||
pa_log_info("RLIMIT_NICE is set to %u, allowing high-priority scheduling.", (unsigned) rl.rlim_cur);
|
||||
allow_high_priority = TRUE;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((conf->high_priority && !allow_high_priority) ||
|
||||
(conf->realtime_scheduling && !allow_realtime))
|
||||
pa_log_info(_("Called SUID root and real-time and/or high-priority scheduling was requested in the configuration. However, we lack the necessary privileges:\n"
|
||||
"We are not in group '%s', PolicyKit refuse to grant us the requested privileges and we have no increase RLIMIT_NICE/RLIMIT_RTPRIO resource limits.\n"
|
||||
"For enabling real-time/high-priority scheduling please acquire the appropriate PolicyKit privileges, or become a member of '%s', or increase the RLIMIT_NICE/RLIMIT_RTPRIO resource limits for this user."),
|
||||
PA_REALTIME_GROUP, PA_REALTIME_GROUP);
|
||||
|
||||
|
||||
if (!allow_realtime)
|
||||
conf->realtime_scheduling = FALSE;
|
||||
|
||||
if (!allow_high_priority)
|
||||
conf->high_priority = FALSE;
|
||||
}
|
||||
|
||||
#ifdef HAVE_SYS_RESOURCE_H
|
||||
/* Reset resource limits. If we are run as root (for system mode)
|
||||
* this might end up increasing the limits, which is intended
|
||||
* behaviour. For all other cases, i.e. started as normal user, or
|
||||
* SUID root at this point we should have no CAP_SYS_RESOURCE and
|
||||
* increasing the limits thus should fail. Which is, too, intended
|
||||
* behaviour */
|
||||
|
||||
set_all_rlimits(conf);
|
||||
#endif
|
||||
|
||||
if (conf->high_priority && !pa_can_high_priority()) {
|
||||
pa_log_info(_("High-priority scheduling enabled in configuration but not allowed by policy."));
|
||||
conf->high_priority = FALSE;
|
||||
}
|
||||
|
||||
if (conf->high_priority && (conf->cmd == PA_CMD_DAEMON || conf->cmd == PA_CMD_START))
|
||||
pa_raise_priority(conf->nice_level);
|
||||
|
||||
pa_log_debug("Can realtime: %s, can high-priority: %s", pa_yes_no(pa_can_realtime()), pa_yes_no(pa_can_high_priority()));
|
||||
|
||||
if (!real_root && pa_have_caps()) {
|
||||
pa_bool_t drop;
|
||||
|
||||
drop = (conf->cmd != PA_CMD_DAEMON && conf->cmd != PA_CMD_START) || !conf->realtime_scheduling;
|
||||
|
||||
#ifdef RLIMIT_RTPRIO
|
||||
if (!drop) {
|
||||
struct rlimit rl;
|
||||
/* At this point we still have CAP_NICE if we were loaded
|
||||
* SUID root. If possible let's acquire RLIMIT_RTPRIO
|
||||
* instead and give CAP_NICE up. */
|
||||
|
||||
if (getrlimit(RLIMIT_RTPRIO, &rl) >= 0) {
|
||||
|
||||
if (rl.rlim_cur >= 9)
|
||||
drop = TRUE;
|
||||
else {
|
||||
rl.rlim_max = rl.rlim_cur = 9;
|
||||
|
||||
if (setrlimit(RLIMIT_RTPRIO, &rl) >= 0) {
|
||||
pa_log_info(_("Successfully increased RLIMIT_RTPRIO"));
|
||||
drop = TRUE;
|
||||
} else
|
||||
pa_log_warn(_("RLIMIT_RTPRIO failed: %s"), pa_cstrerror(errno));
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (drop) {
|
||||
pa_log_info(_("Giving up CAP_NICE"));
|
||||
pa_drop_caps();
|
||||
suid_root = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if (conf->realtime_scheduling && !pa_can_realtime()) {
|
||||
pa_log_info(_("Real-time scheduling enabled in configuration but not allowed by policy."));
|
||||
conf->realtime_scheduling = FALSE;
|
||||
}
|
||||
|
||||
pa_log_debug("Can realtime: %s, can high-priority: %s", pa_yes_no(pa_can_realtime()), pa_yes_no(pa_can_high_priority()));
|
||||
|
||||
LTDL_SET_PRELOADED_SYMBOLS();
|
||||
pa_ltdl_init();
|
||||
ltdl_init = TRUE;
|
||||
|
|
@ -718,9 +546,9 @@ int main(int argc, char *argv[]) {
|
|||
pa_assert(conf->cmd == PA_CMD_DAEMON || conf->cmd == PA_CMD_START);
|
||||
}
|
||||
|
||||
if (real_root && !conf->system_instance)
|
||||
if (getuid() == 0 && !conf->system_instance)
|
||||
pa_log_warn(_("This program is not intended to be run as root (unless --system is specified)."));
|
||||
else if (!real_root && conf->system_instance) {
|
||||
else if (getuid() != 0 && conf->system_instance) {
|
||||
pa_log(_("Root privileges required."));
|
||||
goto finish;
|
||||
}
|
||||
|
|
@ -866,6 +694,13 @@ int main(int argc, char *argv[]) {
|
|||
pa_assert_se(chdir("/") == 0);
|
||||
umask(0022);
|
||||
|
||||
#ifdef HAVE_SYS_RESOURCE_H
|
||||
set_all_rlimits(conf);
|
||||
#endif
|
||||
pa_rtclock_hrtimer_enable();
|
||||
|
||||
pa_raise_priority(conf->nice_level);
|
||||
|
||||
if (conf->system_instance)
|
||||
if (change_user() < 0)
|
||||
goto finish;
|
||||
|
|
@ -914,8 +749,8 @@ int main(int argc, char *argv[]) {
|
|||
pa_xfree(s);
|
||||
|
||||
if ((s = pa_session_id())) {
|
||||
pa_log_info(_("Session ID is %s."), s);
|
||||
pa_xfree(s);
|
||||
pa_log_info(_("Session ID is %s."), s);
|
||||
pa_xfree(s);
|
||||
}
|
||||
|
||||
if (!(s = pa_get_runtime_dir()))
|
||||
|
|
@ -962,8 +797,6 @@ int main(int argc, char *argv[]) {
|
|||
else
|
||||
pa_log_info(_("Dude, your kernel stinks! The chef's recommendation today is Linux with high-resolution timers enabled!"));
|
||||
|
||||
pa_rtclock_hrtimer_enable();
|
||||
|
||||
#ifdef SIGRTMIN
|
||||
/* Valgrind uses SIGRTMAX. To easy debugging we don't use it here */
|
||||
pa_rtsig_configure(SIGRTMIN, SIGRTMAX-1);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue