Home | About | Community | Download | Documentation | Planet |
What is wrong with system mode?
In most desktop use cases, system mode likely is not the right choice. There are use cases where system mode does make sense, and these are listed further down.
Here are a couple of reasons why running PA in system mode can be problematic in desktop use cases.
- Security: Much like the X server as soon as you are authenticated you have complete control of the sound server, no further per-object access checks are done.
- Related to the previous point, one especially problematic thing from security point of view is module loading. Anyone who has access can load and unload modules. Module loading can be disabled, but then bluetooth and alsa hotplug functionality doesn't work.
- When in system mode, shared memory data transport is disabled for security reasons, which means: much higher memory usage and CPU load in system mode
- The module-xxx-restore modules maintain state that is inheritely user specific, but when run in system mode is shared between users.
- Security: there are no size limits on state data, which enables users to flood /var unless you employ quotas on the pulse user
- Security: all users that have access to the server can sniff into each others audio streams, listen to their mikes, and so on.
- When in system mode you also lose a lot of further functionality, like the bridging to jack, to rygel (upnp), to X11, to ckit, and so on And, most importantly: it is explicitly not designed for it, you are on your own if you use it. The maintainer's interest in making sure system mode is well supported is rather minimal.
So why have it then?
System mode is around for usage on thin client or embedded setups, where no real local user exists, where access is exclusively via the network, and where state data is flushed on each session termination.
So you want to set it up nonetheless?
Do note that the maintainers of PulseAudio do not recommend using system mode for most desktop use cases. Things should still work as-is, and more documentation on doing this correctly is to be done (contributions welcome!).