Pulseaudio snap permissions
David Henningsson
david.henningsson at canonical.com
Tue Feb 9 13:00:55 UTC 2016
Hi snappy-devel,
I've been working on packaging PulseAudio for snappy in order to enable
apps to play back audio. I've come as far as I need to have the
permissions conversation with someone more familiar with snappy.
PulseAudio needs to do at least these things:
* Listen to a UNIX socket where clients can connect (there are a few
options w r t where this socket could be located so clients find it).
* Access ALSA sound cards, i e ioctl device nodes under /dev/snd/*.
(Note: UNIX permissions of these nodes might need adjustment too
depending on solution)
* Listen to udev events to tell when new sound cards appear in the
system (e g, someone might connect a USB headset).
* Get on the system D-Bus in order to speak with the bluetooth daemon
(in order to enable audio I/O through bluetooth headsets).
* Gain real-time priority in order to have low-latency audio working
without glitches.
Right now, I'm not sure whether PulseAudio should run as a user-level or
system-level daemon - I expect this will affect what solutions we choose
for security too.
So far I've been working with customizing snapcraft.yaml only, but maybe
this reaches beyond what snapcraft can handle and some special apparmor
and/or seccomp profiles need to be crafted. Not sure about this either?
--
David Henningsson, Canonical Ltd.
https://launchpad.net/~diwic
More information about the snappy-devel
mailing list