Pulseaudio snap permissions

David Henningsson david.henningsson at canonical.com
Tue Feb 9 13:00:55 UTC 2016

Hi snappy-devel,

I've been working on packaging PulseAudio for snappy in order to enable 
apps to play back audio. I've come as far as I need to have the 
permissions conversation with someone more familiar with snappy.

PulseAudio needs to do at least these things:

  * Listen to a UNIX socket where clients can connect (there are a few 
options w r t where this socket could be located so clients find it).

  * Access ALSA sound cards, i e ioctl device nodes under /dev/snd/*. 
(Note: UNIX permissions of these nodes might need adjustment too 
depending on solution)

  * Listen to udev events to tell when new sound cards appear in the 
system (e g, someone might connect a USB headset).

  * Get on the system D-Bus in order to speak with the bluetooth daemon 
(in order to enable audio I/O through bluetooth headsets).

  * Gain real-time priority in order to have low-latency audio working 
without glitches.

Right now, I'm not sure whether PulseAudio should run as a user-level or 
system-level daemon - I expect this will affect what solutions we choose 
for security too.

So far I've been working with customizing snapcraft.yaml only, but maybe 
this reaches beyond what snapcraft can handle and some special apparmor 
and/or seccomp profiles need to be crafted. Not sure about this either?

David Henningsson, Canonical Ltd.

More information about the snappy-devel mailing list