pulse is unable to query hal via dbus, as it's restricted to root user only (pulseaudio runs as non-privileged user). Jun 12 20:39:28 [dbus-daemon] Rejected send message, 1 matched rules; type="method_call", sender=":1.9" (uid=106 pid=25992 comm="/usr/bin/pulseaudio --log-target=syslog --disallow") interface="org.freedesktop.Hal.Manager" member="FindDeviceByCapability" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=25818 comm="/usr/sbin/hald --use-syslog --verbose=no ")) Jun 12 20:39:28 [pulseaudio] module-hal-detect.c: D-Bus error while parsing HAL data: org.freedesktop.DBus.Error.AccessDenied: Rejected send message, 1 matched rules; type="method_call", sender=":1.9" (uid=106 pid=25992 comm="/usr/bin/pulseaudio --log-target=syslog --disallow") interface="org.freedesktop.Hal.Manager" member="FindDeviceByCapability" error name="(unset)" requested_reply=0 destination="org.freedesktop.Hal" (uid=0 pid=25818 comm="/usr/sbin/hald --use-syslog --verbose=no ")) Jun 12 20:39:28 [pulseaudio] main.c: Failed to acquire org.pulseaudio.Server: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.9" is not allowed to own the service "org.pulseaudio.Server" due to security policies in the configuration file Reproducible: Always
It's actually not restricted to root (root has almost no special privileges), it's restricted to plugdev. If you don't have policykit, then the pulse user must be in the plugdev group.
Uhhh sorry that I ask but shouldn't hal allow our default system user? It sounds broken that it doesn't. Very broken.
Err, since pulse is a system-created user, shouldn't it have access by default? Shouldn't plugdev be used for end users, and not system created accounts? I don't think we should expect users to mess up with policykit/group membership for portage-created accounts.
The problem is that dbus now has default-deny. Therefore, every single thing that needs access (in a non-policykit world) needs to have an explicit patched entry in the policy files. This is *not* hal's fault, it's dbus. If someone will come up with a canonical list of all the users that need access and what access they need, I'm willing to patch it in. I've been unable to come up with any alternative other than "allow access to everyone" which got me screamed at for insecurity. Or, I suppose, mandate policykit, which is what other distros do.
Actually, looking at the policy files, it looks like there's no reason why you can't have multiple files giving different access to the same things. So maybe pulseaudio can install it's own conf file giving it access to hal. That would certainly be better than hal knowing about every possible user that needs access. Note, I haven't tried this.
There should be a sticky notice on Gentoo forums, or at least a blog post, about this change. Requiring users accounts that run pulse to be a member of the plugdev group is a pretty big change... I spent a few hours researching why I suddenly couldn't play sound before finding this bug. I'd love to save other users, who will doubtlessly run into this problem, the time I spent.
There is a pulseaudio trac entry open for this issue: http://pulseaudio.org/ticket/582 I had this problem when running PA as a systemwide daemon. After adding the attached pulseaudio.conf to /etc/dbus-1/system.d pulseaudio's user is allowed to access dbus and all works fine. Hope you find this policy file useful.
Created attachment 195523 [details] Pulseaudio systemwide instance policy file.
Re-assigning to sound. Either the pulse user needs to be in plugdev, or pulseaudio needs to install a dbus policy file to allow access.
USE="hal" was removed from pulseaudio-0.9.22 and up in favour of USE="udev". If this is still a problem with USE="udev", please reopen.
