Comments (6)
arkq
commented on June 4, 2024
It seems, that I've got carried away a little bit with my non-root assumption. At first, root was not required, but later I've added permissions related code, which is not compatible with this statement. However, I'm not sure if forcing root user is a good idea.
I'll explain how it works right now, and maybe you will have some thoughts regarding this issue - I'm open to any suggestions.
From the user perspective, connected Bluetooth device should be seen as an extra audio device. All actions (reading, writing, controlling) should be managed with the same permissions as other ALSA devices (e.g. PCI audio card). Therefore, I'm using the "audio" group to manage access permissions. That's why you see "Permission denied" message - user bluealsa is not able to change controller socket group to "audio". Starting daemon with --group audio fixes this issue.
Internally, bluealsa has to register audio profiles in BlueZ, which is done via D-Bus. However, accessing BlueZ interface is controlled via the policy file /etc/dbus-1/system.d/bluetooth.conf (at least on gentoo). Obviously, root has granted access, but bluealsa user has not. I haven't seen this issue before, because my user belongs to the plugdev group, so I'm also able to interact with BlueZ.
So, long story sort. After granting BlueZ access to user bluealsa:
# cat /etc/dbus-1/system.d/bluetooth.conf
...
<policy user="bluealsa">
<allow send_destination="org.bluez"/>
</policy>
...
and changing daemon group to audio:
start-stop-daemon --start --exec /usr/bin/bluealsa --user bluealsa:audio
I'm now able to run bluealsa as a non-root user and any user who belongs to the audio group is able to connect to virtual Bluetooth PCM device.
I've tested this on the current master snapshot, however v1.1.0 should be compatible.
from bluez-alsa.
infirit
commented on June 4, 2024
Thanks for reply and explanation, I'll poke at this some more and report how things went π
from bluez-alsa.
infirit
commented on June 4, 2024
However, accessing BlueZ interface is controlled via the policy file /etc/dbus-1/system.d/bluetooth.conf (at least on gentoo).
I can make bluealsa part of the plugdev group to fix that.
The problem I see now is that bluealsa (any non root user probably) is not allowed create files/dirs in /var/run. And this is where I am getting the permission denied from. When I create the dir manually and change the permission accordingly I can start it with start-stop-daemon.
But then when I try to create the bluealsa dir in /var/run through Portage it complains (rightly so) that I have no business doing things in there. Wouldn't edit, thought about it and this is not right./var/lib/ be a better place to create and tear down these sockets?
from bluez-alsa.
infirit
commented on June 4, 2024
Had a quick look at avahi, they appear to set everything up (pid file, dirs etc) and then drop root privileges.
from bluez-alsa.
arkq
commented on June 4, 2024
I've chosen /var/run/ because it points to /run/ (at least on Gentoo and OpenSUSE), which is a tmpfs, so I do not have to worry about cases when bluealsa crashes and there are leftovers in the directory. This directory guarantees, that in the worst case scenario, reboot will do its job (like on Windowsβ’ :D). But to be honest, I don't know if this directory is a right place to keep communication stuff.
bluealsa is not allowed create files/dirs in /var/run
Why not just create this directory within the init script? Before running start-stop-daemon do run:
mkdir -p /var/run/bluealsa
chown bluealsa:audio /var/run/bluealsa
I know this is kinda ugly, however I'm not sure if dropping privileges is necessary. I'm not against the idea of dropping privileges, but bluealse does not require root privileges (in theory). It does not interact with the OS in a destructive way. The only interaction it has, is with D-Bus and filesystem.
Incorporating setreuid in the codebase requires new program argument. Then, if there is --user argument, it is kind of natural to add --group argument. Then (like in e.g. avahi) I might add PID file, which brings the need of adding code for daemonization. And so on, and so on :) I'm not against new features, but new features (imho) should be related to the problem the program is trying to solve. Since, there is start-stop-daemon, it is more UNIX way to let it do its job. What do you think?
from bluez-alsa.
infirit
commented on June 4, 2024
Since, there is start-stop-daemon, it is more UNIX way to let it do its job. What do you think?
Yeah, adding all that is a bit much for bluealsa. I submitted my modified ebuild and init script to the gentoo bug tracker [1]. It builds and runs correctly now, creating the directory if needed. Thanks for the help π.
[1] https://bugs.gentoo.org/show_bug.cgi?id=592310
from bluez-alsa.
Related Issues (20)
- airpods3 failed to connect back HOT 3
- Fail to use google home mini as bluetooth speaker HOT 5
- Illegal Instruction on PiZero HOT 9
- No such device (Bluetooth, IPhone) HOT 2
- Couldn't acquire D-Bus name. HOT 12
- connected airpods pro2, the music is played without sound HOT 5
- [RTL8822CE] SCO with msbc codec enabled requires source code patching to deliver audio to headset HOT 4
- ofono not working anymore HOT 11
- API doc out of date HOT 1
- changing a2dp codec broken HOT 4
- Build error undefined references HOT 3
- Cannot decode mSBC with Realtek USB adapter HOT 1
- LDAC problem after update from 4.0 to 4.1.1 HOT 8
- v4.1.1 fails to build on on Debian buster i386 HOT 8
- No sound from Onkyo receiver HOT 90
- Potential server lockup in PCM drain HOT 2
- Sink producing no audio with aptX codec HOT 2
- allow build with different dbus name HOT 2
- Bluealsa with Google Pixel 8 Android Version 14 (Call sounds like a robot) HOT 9
- Fedora includes a fork of libopenaptx, libfreeaptx HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bluez-alsa.