1# Last Modified: Mon Dec 31 16:52:55 2012 2#include <tunables/global> 3 4/usr/bin/pulseaudio-eg { 5 #include <abstractions/base> 6 #include <abstractions/audio> 7 #include <abstractions/dbus-session> 8 #include <abstractions/nameservice> 9 #include <abstractions/X> 10 11 /usr/bin/pulseaudio mixr, 12 13 /dev/null rw, 14 /dev/random r, 15 /dev/urandom r, 16 17 /etc/pulse/ r, 18 /etc/pulse/* r, 19 /etc/udev/udev.conf r, 20 /etc/timidity/.pulse_cookie w, 21 22 @{HOME}/.esd_auth rwk, 23 @{HOME}/.pulse-cookie rwk, 24 @{HOME}/.config/pulse/cookie rwk, 25 @{HOME}/{.config/pulse,.pulse}/ rw, 26 @{HOME}/{.config/pulse,.pulse}/* rw, 27 28 /run/pulse/ rw, 29 /run/pulse/.pulse-cookie rwk, 30 /run/pulse/dbus-socket rwk, 31 /run/pulse/native rwk, 32 /run/pulse/pid rwk, 33 /run/udev/data/+sound:card* r, 34 35 # logind 36 /run/systemd/users/* r, 37 /run/user/*/dconf/user k, 38 39 /sys/bus/ r, 40 /sys/class/ r, 41 /sys/class/sound/ r, 42 /sys/devices/pci[0-9]*/**/*class r, 43 /sys/devices/pci[0-9]*/**/uevent r, 44 /sys/devices/system/cpu/ r, 45 /sys/devices/system/cpu/online r, 46 /sys/devices/virtual/dmi/id/bios_vendor r, 47 /sys/devices/virtual/dmi/id/board_vendor r, 48 /sys/devices/virtual/dmi/id/sys_vendor r, 49 /sys/devices/**/sound/card[0-9]*/uevent r, 50 51 /usr/share/alsa/** r, 52 /usr/share/applications/ r, 53 /usr/share/applications/* r, 54 /usr/share/pulseaudio/** r, 55 /usr/lib/pulse-[2-9].[0-9]/modules/*.so mr, 56 /usr/lib/pulseaudio/pulse/gconf-helper Cx, 57 58 owner /var/lib/gdm3/.config/pulse/ rw, 59 owner /var/lib/gdm3/.config/pulse/* rw, 60 owner /var/lib/gdm3/.config/pulse/cookie rwk, 61 62 owner /var/lib/lightdm/.Xauthority r, 63 owner /var/lib/lightdm/.esd_auth rwk, 64 owner /var/lib/lightdm/.pulse-cookie rwk, 65 owner /var/lib/lightdm/.pulse/ rw, 66 owner /var/lib/lightdm/.pulse/* w, 67 owner /var/lib/lightdm/.pulse/* r, 68 69 # are these needed? 70 /var/lib/pulse/ rw, 71 /var/lib/pulse/*-default-sink rw, 72 /var/lib/pulse/*-default-source rw, 73 /var/lib/pulse/*.tdb rw, 74 75 @{PROC}/[0-9]*/fd/ r, 76 @{PROC}/[0-9]*/maps r, 77 @{PROC}/[0-9]*/stat r, 78 79 owner /tmp/pulse-*/pid rwk, 80 owner /tmp/pulse-*/native rwk, 81 owner /tmp/pulse-*/autospawn.lock rwk, 82 83 owner /tmp/orcexec.* mrw, 84 owner /{,var/}run/user/[0-9]*/orcexec.* mrw, 85 # needed if /tmp is mounted noexec: 86 owner @{HOME}/orcexec.* mr, 87 88 # replace with @{pid} 89 owner /tmp/.esd-[0-9]*/ rw, 90 owner /tmp/.esd-[0-9]*/socket rw, 91 92 profile /usr/lib/pulseaudio/pulse/gconf-helper { 93 #include <abstractions/base> 94 95 /usr/lib/pulseaudio/pulse/gconf-helper mr, 96 } 97} 98