From af64dda064efedf0d6df6fd6db495c25289dd40b0467b7b6ceefda4c9ffed9b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Wed, 9 Oct 2019 10:41:25 +0000 Subject: [PATCH] Accepting request 735898 from home:fcrozat:pulseaudio-gdm-fix - Update pulseaudio-gdm-hooks.tmpfiles to use the same ownership and permissions as in specfile for pulseaudio files. - Update default.pa-for-gdm to not load bluetooth support in pulseaudio gdm instance. This ensure headset are not stolen by gdm instance instead of user instance. Idea from ArchLinux. - Update pulseaudio-old-systemd-workaround.patch to disable LockPersonality also on Leap 15.x. OBS-URL: https://build.opensuse.org/request/show/735898 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/pulseaudio?expand=0&rev=214 --- default.pa-for-gdm | 14 ++++++++++++++ pulseaudio-gdm-hooks.tmpfiles | 4 ++-- pulseaudio-old-systemd-workaround.patch | 15 ++++++++++++--- pulseaudio.changes | 11 +++++++++++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/default.pa-for-gdm b/default.pa-for-gdm index 62d820b..43dc7ed 100644 --- a/default.pa-for-gdm +++ b/default.pa-for-gdm @@ -10,3 +10,17 @@ load-module module-suspend-on-idle load-module module-console-kit load-module module-position-event-sounds +### unload driver modules for Bluetooth hardware +### this ensure Bluetooth headset are not stolen by gdm pulseaudio instance +.nofail + +.ifexists module-bluetooth-policy.so +unload-module module-bluetooth-policy +.endif + +.ifexists module-bluetooth-discover.so +unload-module module-bluetooth-discover +.endif + +.fail + diff --git a/pulseaudio-gdm-hooks.tmpfiles b/pulseaudio-gdm-hooks.tmpfiles index 3a9be6b..66cd32b 100644 --- a/pulseaudio-gdm-hooks.tmpfiles +++ b/pulseaudio-gdm-hooks.tmpfiles @@ -1,2 +1,2 @@ -d /var/lib/gdm/.pulse 0755 - - - -C /var/lib/gdm/.pulse/default.pa 0644 - - - /usr/share/factory/var/lib/gdm/.pulse/default.pa +d /var/lib/gdm/.pulse 0700 gdm gdm - +C /var/lib/gdm/.pulse/default.pa 0600 gdm gdm - /usr/share/factory/var/lib/gdm/.pulse/default.pa diff --git a/pulseaudio-old-systemd-workaround.patch b/pulseaudio-old-systemd-workaround.patch index 4ab5b9d..110a3db 100644 --- a/pulseaudio-old-systemd-workaround.patch +++ b/pulseaudio-old-systemd-workaround.patch @@ -2,9 +2,18 @@ src/daemon/systemd/user/pulseaudio.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/src/daemon/systemd/user/pulseaudio.service.in -+++ b/src/daemon/systemd/user/pulseaudio.service.in -@@ -24,7 +24,7 @@ NoNewPrivileges=yes +Index: pulseaudio-13.0/src/daemon/systemd/user/pulseaudio.service.in +=================================================================== +--- pulseaudio-13.0.orig/src/daemon/systemd/user/pulseaudio.service.in 2019-09-13 15:10:23.000000000 +0200 ++++ pulseaudio-13.0/src/daemon/systemd/user/pulseaudio.service.in 2019-10-07 17:43:52.208067968 +0200 +@@ -18,13 +18,13 @@ + + [Service] + ExecStart=@PA_BINARY@ --daemonize=no +-LockPersonality=yes ++#LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes Restart=on-failure RestrictNamespaces=yes SystemCallArchitectures=native diff --git a/pulseaudio.changes b/pulseaudio.changes index ed99d30..b6e4339 100644 --- a/pulseaudio.changes +++ b/pulseaudio.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Oct 7 15:25:25 UTC 2019 - Frederic Crozat + +- Update pulseaudio-gdm-hooks.tmpfiles to use the same ownership + and permissions as in specfile for pulseaudio files. +- Update default.pa-for-gdm to not load bluetooth support in + pulseaudio gdm instance. This ensure headset are not stolen by + gdm instance instead of user instance. Idea from ArchLinux. +- Update pulseaudio-old-systemd-workaround.patch to disable + LockPersonality also on Leap 15.x. + ------------------------------------------------------------------- Sun Sep 22 19:40:15 UTC 2019 - Bjørn Lie