Skip to content

Why does NoiseTorch prompt for root privileges

Jump to bottom
lawl edited this page Jan 12, 2021 · 4 revisions

Note: Since 0.8.0 this is slightly outdated as we do use CAP_SYS_RESOURCE, but root is still required to give us CAP_SYS_RESOURCE. If you give it manually after installation and every update, root is not required.

This is expected and required to work around a problem.

We're in a bit of a weird situation here where you can just click cancel on this root prompt and it may work, but root is required to make it work reliably.

The issue is that the pulseaudio process has a set RLIMIT_RTTIME, what that means is that the pulseaudio process is running as a real-time process, which it needs to, because it processes audio, so the kernel makes sure it always gets CPU time when it needs it essentially.

The RLIMIT_RTTIME now sets a limit on this CPU time pulseaudio can use, if pulseaudio crosses that limit, the Kernel kills the process immediately. The reason for that is that if a real-time process has a bug, say it enters an endless loop without giving the CPU back, your system will freeze up.

This is where the problem arises, when we load our denoising library into the pulseaudio process, pulseaudio is already under these RLIMIT_RTTIME constraints, as it has already entered real-time mode. But loading a library includes operations that are usually a no-no for real-time processes, such as mapping the file from disk into memory etc.

So we're in a situation here where what we're doing should be done during pulseaudio start up, but where we also can't really do that, because for example we need to apply some work-arounds to filter microphone input which means NoiseTorch consumes CPU to denoise the microphone even if no application is using it.

Thus the only real option left to us, is to temporarily remove the RLIMIT_RTTIME constraint from the process, but increasing/removing this limit requires either root, or the CAP_SYS_RESOURCE capability. If we used CAP_SYS_RESOURCE we would only need root during installation, but this is difficult currently because of how installation works, and something that I think would be mostly feasible in packages installed and updated through the distribution's package manager.

So that's why we prompt for root, to perform exactly this one operation, removing the RLIMIT_RTTIME as root, (and after we're done loading, immediately reinstating it, which doesn't require root).

I am not happy about this, but I currently don't see a viable alternative, unfortunately. If your system happens to handle loading within these constraints fine, you can just click cancel on the root prompt, but there's too many people where it works inconsistently, or never.

You can find the code that's executed as root in this if block in main.go which is spawned from this function.

I think the proper way to solve this would be to make sure that the binary has CAP_SYS_RESOURCE so it doesn't need root at all.

This requires a change to how we install NoiseTorch.

It's something I'd like to eventually do, but for now shelling out to pkexec is the quick and dirty way that works for most people.

If anyone has a better idea to solve this, please let me know, I'd love to remove this, and I know it seems sketchy that we prompt for root.

Clone this wiki locally