diff --git a/default.pa-for-gdm b/default.pa-for-gdm index 62d820b..43dc7ed 100644 --- a/default.pa-for-gdm +++ b/default.pa-for-gdm @@ -10,3 +10,17 @@ load-module module-suspend-on-idle load-module module-console-kit load-module module-position-event-sounds +### unload driver modules for Bluetooth hardware +### this ensure Bluetooth headset are not stolen by gdm pulseaudio instance +.nofail + +.ifexists module-bluetooth-policy.so +unload-module module-bluetooth-policy +.endif + +.ifexists module-bluetooth-discover.so +unload-module module-bluetooth-discover +.endif + +.fail + diff --git a/pulseaudio-gdm-hooks.tmpfiles b/pulseaudio-gdm-hooks.tmpfiles index 3a9be6b..66cd32b 100644 --- a/pulseaudio-gdm-hooks.tmpfiles +++ b/pulseaudio-gdm-hooks.tmpfiles @@ -1,2 +1,2 @@ -d /var/lib/gdm/.pulse 0755 - - - -C /var/lib/gdm/.pulse/default.pa 0644 - - - /usr/share/factory/var/lib/gdm/.pulse/default.pa +d /var/lib/gdm/.pulse 0700 gdm gdm - +C /var/lib/gdm/.pulse/default.pa 0600 gdm gdm - /usr/share/factory/var/lib/gdm/.pulse/default.pa diff --git a/pulseaudio-old-systemd-workaround.patch b/pulseaudio-old-systemd-workaround.patch index 4ab5b9d..110a3db 100644 --- a/pulseaudio-old-systemd-workaround.patch +++ b/pulseaudio-old-systemd-workaround.patch @@ -2,9 +2,18 @@ src/daemon/systemd/user/pulseaudio.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---- a/src/daemon/systemd/user/pulseaudio.service.in -+++ b/src/daemon/systemd/user/pulseaudio.service.in -@@ -24,7 +24,7 @@ NoNewPrivileges=yes +Index: pulseaudio-13.0/src/daemon/systemd/user/pulseaudio.service.in +=================================================================== +--- pulseaudio-13.0.orig/src/daemon/systemd/user/pulseaudio.service.in 2019-09-13 15:10:23.000000000 +0200 ++++ pulseaudio-13.0/src/daemon/systemd/user/pulseaudio.service.in 2019-10-07 17:43:52.208067968 +0200 +@@ -18,13 +18,13 @@ + + [Service] + ExecStart=@PA_BINARY@ --daemonize=no +-LockPersonality=yes ++#LockPersonality=yes + MemoryDenyWriteExecute=yes + NoNewPrivileges=yes Restart=on-failure RestrictNamespaces=yes SystemCallArchitectures=native diff --git a/pulseaudio.changes b/pulseaudio.changes index ed99d30..b6e4339 100644 --- a/pulseaudio.changes +++ b/pulseaudio.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Oct 7 15:25:25 UTC 2019 - Frederic Crozat + +- Update pulseaudio-gdm-hooks.tmpfiles to use the same ownership + and permissions as in specfile for pulseaudio files. +- Update default.pa-for-gdm to not load bluetooth support in + pulseaudio gdm instance. This ensure headset are not stolen by + gdm instance instead of user instance. Idea from ArchLinux. +- Update pulseaudio-old-systemd-workaround.patch to disable + LockPersonality also on Leap 15.x. + ------------------------------------------------------------------- Sun Sep 22 19:40:15 UTC 2019 - Bjørn Lie