https://wiki.archlinux.org/api.php?action=feedcontributions&user=Carlosvin&feedformat=atomArchWiki - User contributions [en]2024-03-28T18:47:38ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Skype&diff=492266Skype2017-10-03T17:10:58Z<p>Carlosvin: Skype for linux is back in version, I don't see any reason to archive this page</p>
<hr />
<div>[[Category:Telephony and voice]]<br />
[[bg:Skype]]<br />
[[cs:Skype]]<br />
[[ja:Skype]]<br />
[[lt:Skype]]<br />
[[ru:Skype]]<br />
[[uk:Skype]]<br />
<br />
There are two official Linux versions of Skype available:<br />
* The new Skype for Linux: see [[#Skype for Linux]]<br />
* The old Skype (version 4.x, final release in June 2014): see [[#Legacy Skype]]<br />
: Legacy Skype does not support calling to some newer clients.[https://blogs.skype.com/news/2016/07/13/skype-for-linux-alpha-and-calling-on-chrome-and-chromebooks/] '''Was "retired" on 1 July 2017'''[http://www.omgubuntu.co.uk/2017/06/skype-4-3-linux-stop-working-july-2017] (but is still working as of 5 July 2017).<br />
<br />
Alternatively, you can use the web version at [https://web.skype.com/ web.skype.com]. It has working (group) voice and video chat (video chat seems to only work in Chromium/Chrome).<br />
<br />
== Skype for Linux ==<br />
The new ''Skype for Linux''[https://www.skype.com/en/insider/] has full functionality, including group video chat and [http://www.omgubuntu.co.uk/2017/08/skype-redesign-everyone-hates-now-available-linux screen sharing].<br />
<br />
[[Install]] it with the {{AUR|skypeforlinux}} or {{AUR|skypeforlinux-bin}} package.<br />
<br />
== Legacy Skype ==<br />
=== Installation ===<br />
<br />
[[Install]] the {{AUR|skype}} package.<br />
<br />
Running Skype is just as easy. Type {{ic|skype}} into a terminal or double-click the Skype icon on your desktop or in your DE's application menu.<br />
<br />
=== Skype sound ===<br />
<br />
Skype requires [[PulseAudio]] for voice communication and does not support plain [[ALSA]].<br />
<br />
Alternatively, if you do not want to use PulseAudio, you can follow [[ALSA#PulseAudio compatibility]]<br />
<br />
=== Restricting Skype access ===<br />
<br />
There are a couple of reasons you might want to restrict Skype's access to your computer:<br />
<br />
* The skype binary is disguised against decompiling, so nobody is (still) able to reproduce what it really does.<br />
* It produces encrypted traffic even when you are not actively using Skype.<br />
<br />
See [http://www1.cs.columbia.edu/~salman/skype/index.html] for more information.<br />
<br />
Restrictions can be implemented in a number of ways, with varying ease and security. It is possible to run Skype in a container, run it as a separate user, or use the [[wikipedia:Mandatory_access_control|Mandatory Access Control]] functionality available in the Linux kernel.<br />
<br />
==== systemd-nspawn ====<br />
<br />
{{Warning|systemd-nspawn provides the most straightforward way to run an application in a separate environment, however it is [https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html not considered] to provide a fully secure setup.}}<br />
<br />
The following script will create a container in {{ic|/mnt/stor/vm/skype}} and run Skype from there on each subsequent run. Fetching the default pacman config is necessary for 64-bit systems with multilib enabled, but be careful in case you have custom repositories enabled. Note that sound and video may be broken with this method.<br />
<br />
{{bc|<nowiki><br />
#!/bin/bash<br />
set -e<br />
DEST=/mnt/stor/vm/skype<br />
if [ ! -d "$DEST" ];then<br />
sudo mkdir -p "$DEST/var/lib/pacman/";<br />
sudo mkdir -p "$DEST/etc/"<br />
sudo curl https://projects.archlinux.org/svntogit/packages.git/plain/trunk/pacman.conf.i686?h=packages/pacman -o "$DEST/etc/pacman.conf"<br />
echo sudo skype | sudo pacman --arch i686 --root "$DEST" --cachedir /var/cache/pacman/pkg --config "$DEST/etc/pacman.conf" -Sy - --noconfirm<br />
sudo systemd-nspawn -D "$DEST" groupadd skype<br />
sudo systemd-nspawn -D "$DEST" useradd -g skype skype<br />
sudo mkdir -p $DEST/home/skype/.config/pulse<br />
sudo cp ~/.config/pulse/cookie $DEST/home/skype/.config/pulse/<br />
sudo cp ~/.Xauthority $DEST/home/skype/<br />
sudo chmod 755 -R $DEST/home/skype/<br />
sudo chown -R 1000:1000 $DEST/home/skype/<br />
fi<br />
sudo systemd-nspawn -D "$DEST" --bind=/tmp/.X11-unix --share-system sudo -u skype env DISPLAY=:0 PULSE_SERVER=desktop skype<br />
</nowiki>}}<br />
<br />
==== Docker ====<br />
{{Warning|Running Docker has its own set of security implications and caveats. Read the main Docker article for more information.}}<br />
<br />
Install [[Docker]] and feel free to [https://hub.docker.com/search/?q=skype&page=1&isAutomated=0&isOfficial=0&pullCount=0&starCount=0 explore Docker Hub] for Skype images prepared by users.<br />
<br />
A tried and tested image is [https://github.com/sameersbn/docker-skype sameersbn/skype] (hosted on Github). It uses X11 and [[PulseAudio]] unix domain sockets on the host to enable audio/video support in Skype. A wrapper script mounts the X11 and Pulseaudio sockets inside the container. The X11 socket allows for the user interface to display on the host, while Pulseaudio socket allows for the audio output to be rendered on the host. {{ic|/dev/video0}} is also mounted.<br />
<br />
Container has access to {{ic|~/.Skype}} and {{ic|~/Downloads}} directories on your host system. Wrapper scripts are installed into {{ic|/usr/local/bin}}.<br />
<br />
For installation use [https://github.com/sameersbn/docker-skype/blob/master/README.md upstream instructions].<br />
<br />
==== Use Skype with special user ====<br />
<br />
{{Poor writing|This section needs revising both in content and style}}<br />
<br />
{{Warning|As of version 1.16, Xorg runs as a regular user. This means a special user has no access to X. The following approach only works when enabling root for Xorg; see [[Xorg#Rootless Xorg (v1.16)]].}}<br />
<br />
A special user can be used for running Skype within one's normal environment. Permissions will have to be set to ensure your home directory is not readable by the special Skype user (see [[File permissions and attributes]]).<br />
<br />
An AUR package, {{AUR|skype-secure}} exists that will run skype as a separate user ("_skype") cleanly. It is heavily based on the information in this section.<br />
<br />
Create a new group for the skype user:<br />
<br />
# groupadd skype<br />
<br />
Then we have to add the new user:<br />
<br />
# useradd -m -g skype -G audio,video -s /bin/bash skype<br />
<br />
{{Note|1=Maybe you need to add "skype" user to "pulse-access" and "pulse-rt" groups. But it works fine with "audio" and "skype" groups only.}}<br />
<br />
Now add the following line to {{ic|/home/skype/.bashrc}}:<br />
<br />
export DISPLAY=":0.0"<br />
<br />
At last we define the alias (e.g. in {{ic|~/.bashrc}}):<br />
<br />
alias skype='xhost +local: && su skype -c skype'<br />
<br />
Now we can start Skype as the newly created user simply by running {{Ic|skype}} from the command line and entering the password of the user skype.<br />
<br />
If you are tired of typing in the skype user's password every time, make sure you installed the [[sudo]] package, run {{Ic|visudo}} then add this line at the bottom:<br />
<br />
%wheel ALL=(skype) NOPASSWD: /usr/bin/skype<br />
<br />
And use this alias to launch skype:<br />
<br />
alias skype='xhost +local: && sudo -u skype /usr/bin/skype'<br />
<br />
{{Note|If you forget the {{ic|xhost}} command, Skype may fail with a "No protocol specified" error on stdout.}}<br />
<br />
I noticed that the newly created user is able to read some of the files in my home directory because the permissions were a+r, so I changed them manually to a-r u+r and changed umask from 022 to 066.<br />
<br />
In order to restrict user "skype" accessing your external drive mounted in {{ic|/media/data}} for instance, make sure first that "skype" does not belong to group "users" (if you used the default group "skype", everything should be fine), then change the accesses on the mount point:<br />
<br />
# chown :users /media/data<br />
# chmod o-rwx /media/data<br />
<br />
This way, it is ensured that only the owner (normally "root") and "users" can access the specified directory tree while the others, including "skype", will be forbidden.<br />
<br />
===== Access Pulseaudio controls when using Skype as a different user =====<br />
<br />
Audio will not be functional since the special skype user can't connect to the PulseAudio daemon owned by the user which has started the desktop session. However, a socket can be exposed for the new user to connect to the PulseAudio daemon. See [[PulseAudio/Examples#Allowing multiple users to use PulseAudio at the same time]] for more information.<br />
<br />
===== Open URLs in your user's browser =====<br />
<br />
When one clicks URL in chat window, skype execute [[xdg-open]] to handle it. By default {{ic|xdg-open}} uses default web browser for skype user environment. In order to open links in your user's browser perform next setup.<br />
<br />
{{Note|<br />
* [[Sudo]] should be installed and properly configured.<br />
* Current example uses [[firefox]] as preferred browser.<br />
* Do not forget to adjust ''your_user'' to proper value.<br />
}}<br />
<br />
Log in as skype user:<br />
<br />
$ sudo -u skype -i<br />
<br />
Create local preferences dir:<br />
<br />
$ mkdir -p ~/.local/share/applications<br />
<br />
Create {{ic|/home/skype/.local/share/applications/firefox-sudo.desktop}} file:<br />
<br />
[Desktop Entry]<br />
Name=Firefox<br />
Exec=/home/skype/firefox-wrapper %u<br />
Terminal=false<br />
Type=Application<br />
Categories=Network;WebBrowser;<br />
<br />
Set {{ic|firefox-sudo.desktop}} to manage HTTP and HTTPS URLs:<br />
<br />
$ xdg-mime default firefox-sudo.desktop x-scheme-handler/http<br />
$ xdg-mime default firefox-sudo.desktop x-scheme-handler/https<br />
<br />
(Optionally) add FTP handler:<br />
<br />
$ xdg-mime default firefox-sudo.desktop x-scheme-handler/ftp<br />
<br />
Create {{ic|/home/skype/firefox-wrapper}} script (adjust ''your_user''):<br />
<br />
#!/bin/bash<br />
DISPLAY=:0.0 HOME=/home/''your_user'' sudo -u ''your_user'' /usr/lib/firefox/firefox -new-tab $1<br />
<br />
Make it executable:<br />
<br />
$ chmod +x ~/firefox-wrapper<br />
<br />
Now as root user open {{ic|/etc/sudoers}}:<br />
<br />
# visudo<br />
<br />
And add permission for skype user to exec user's browser (adjust ''your_user''):<br />
<br />
skype ALL=(''your_user'') NOPASSWD: /usr/lib/firefox/firefox -new-tab http*, /usr/lib/firefox/firefox -new-tab ftp*<br />
<br />
===== Access received files =====<br />
<br />
By default {{ic|skype}} stores received files with 600 permissions (only owner can access them). One may use {{Pkg|incron}} to perform automatic permission fix upon downloading.<br />
<br />
{{Note|This example assumes that you configure skype to save received files into {{ic|/home/skype/downloads}}}}<br />
<br />
Make skype home dir and download dir accessible:<br />
<br />
# chmod 755 /home/skype /home/skype/downloads<br />
<br />
[[Install]] incron with the {{Pkg|incron}} package, and enable and start {{ic|incrond}} [[systemd#Using units|using systemd]].<br />
Open incrontab for root user:<br />
<br />
# incrontab -e<br />
<br />
Add incron job:<br />
<br />
/home/skype/downloads IN_CREATE chmod 644 $@/$#<br />
<br />
Save changes and exit incrontab editor.<br />
<br />
To test incron in action just enter skype download dir and create test file:<br />
<br />
# cd /home/skype/downloads<br />
# install -m 600 /dev/null test.txt<br />
# ls -l test.txt<br />
<br />
File permissions should be 644 or -rw-r--r--<br />
<br />
(Optionally) link skype download dir into your home dir:<br />
<br />
$ ln -s /home/skype/downloads ~/skype_files<br />
<br />
==== AppArmor ====<br />
<br />
See the [[AppArmor]] page for how to set up AppArmor.<br />
<br />
The userland tools for AppArmor come with a collection of example profiles. Skype is amongst them. Copy this to the directory where AppArmor profiles are stored.<br />
<br />
# cp -ip /usr/share/apparmor/extra-profiles/usr.bin.skype /etc/apparmor.d/<br />
<br />
For whatever reason, the profile is not complete. You may wish to modify it further. Here is an example for Skype 4:<br />
<br />
{{bc|#include <tunables/global><br />
<br />
/usr/bin/skype {<br />
#include <abstractions/audio><br />
#include <abstractions/consoles><br />
#include <abstractions/dbus-session><br />
#include <abstractions/gnome><br />
#include <abstractions/kde><br />
#include <abstractions/nameservice><br />
#include <abstractions/video><br />
<br />
# Executables<br />
/usr/bin/skype ixmr,<br />
/usr/lib{,32}/skype/skype ixmr,<br />
/usr/bin/xdg-open PUxmr,<br />
/usr/bin/kde4-config PUxmr,<br />
<br />
# Configuration files<br />
owner @{HOME}/.Skype/ rw,<br />
owner @{HOME}/.Skype/** krw,<br />
owner @{HOME}/.config/Skype/ rw,<br />
owner @{HOME}/.config/Skype/** krw,<br />
<br />
# Downloads/uploads directory<br />
owner @{HOME}/Public/ rw,<br />
owner @{HOME}/Public/** krw,<br />
<br />
# Libraries<br />
/usr/lib{,32}/libv4l/v4l2convert.so mr,<br />
/usr/share/skype/lib/libQtWebKit.so.4 mr,<br />
<br />
# Shared data<br />
/usr/share/skype/ r,<br />
/usr/share/skype/** r,<br />
<br />
# Devices<br />
/dev/ r,<br />
/dev/video[0-9]* mrw,<br />
<br />
# System information<br />
/etc/machine-id r,<br />
@{PROC}/sys/kernel/{ostype,osrelease} r,<br />
@{PROC}/sys/vm/overcommit_memory r,<br />
@{PROC}/[0-9]*/net/arp r,<br />
owner @{PROC}/[0-9]*/cmdline r,<br />
owner @{PROC}/[0-9]*/status r,<br />
owner @{PROC}/[0-9]*/task/ r,<br />
owner @{PROC}/[0-9]*/task/[0-9]*/stat r,<br />
owner @{PROC}/[0-9]*/fd/ r,<br />
/sys/devices/system/cpu/ r,<br />
/sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_{cur_freq,max_freq} r,<br />
/sys/devices/pci*/*/usb[0-9]*/*/*/modalias r,<br />
/sys/devices/pci*/*/usb[0-9]*/*/*/video4linux/video[0-9]*/dev r,<br />
/sys/devices/pci*/*/usb[0-9]*/*/{idVendor,idProduct,speed} r,<br />
<br />
# This probably should go to appropriate abstractions<br />
/etc/asound.conf r,<br />
owner @{HOME}/.config/fontconfig/fonts.conf r,<br />
owner @{HOME}/.config/gtk-3.0/bookmarks r,<br />
owner @{HOME}/.config/oxygen-gtk/argb-apps.conf rw,<br />
owner @{HOME}/.config/pulse/cookie krw,<br />
owner @{HOME}/.icons/** r,<br />
owner @{HOME}/.kde4/share/config/kdeglobals krw,<br />
owner @{HOME}/.kde4/share/config/gtkrc-2.0 r,<br />
owner @{HOME}/.kde4/share/config/oxygenrc r,<br />
/usr/share/icons/*/index.theme kr,<br />
/usr/share/nvidia/nvidia-application-profiles-*-rc r,<br />
<br />
# Denials<br />
deny owner @{HOME}/.mozilla/ r,<br />
deny owner @{HOME}/.mozilla/** r,<br />
deny /sys/devices/virtual/dmi/** r,<br />
&#125;}}<br />
<br />
{{Note|This example assumes that Skype is configured to save received files into {{ic|~/Public}}. Feel free to change it to any folder you like.}}<br />
<br />
To use the profile, first be sure {{ic|securityfs}} is mounted,<br />
<br />
# mount -t securityfs securityfs /sys/kernel/security<br />
<br />
Load the profile by the command,<br />
<br />
# apparmor_parser -r /etc/apparmor.d/usr.bin.skype<br />
<br />
Now you can run Skype restricted but as your own user. Denials are logged in {{ic|messages.log}}.<br />
<br />
==== TOMOYO ====<br />
<br />
Please note that this section describes using TOMOYO 2.5. See [[TOMOYO Linux#TOMOYO Linux 2.x]] for installation.<br />
<br />
{{Note|Do not forget to populate first the {{ic|/etc/tomoyo}} directory running: {{ic|/usr/lib/tomoyo/init_policy}} }}<br />
<br />
* Open {{ic|/etc/tomoyo/exception_policy.conf}} file and add these lines:<br />
<br />
{{bc|path_group SKYPE_DIRS /home/\*/.Skype/<br />
path_group SKYPE_DIRS /home/\*/.Skype/\{\*\}/<br />
path_group SKYPE_DIRS /home/\*/.config/Skype/\{\*\}/<br />
path_group SKYPE_DIRS /usr/share/skype/\{\*\}/<br />
path_group SKYPE_DIRS /tmp/skype-\*/<br />
path_group SKYPE_DIRS /tmp/skype-\*/\{\*\}/<br />
path_group SKYPE_DIRS /home/\*/Downloads/tmp/\{\*\}/<br />
path_group SKYPE_FILES /home/\*/.Skype/\{\*\}/\*<br />
path_group SKYPE_FILES /home/\*/.config/Skype/\{\*\}/\*<br />
path_group SKYPE_FILES /usr/share/skype/\{\*\}/\*<br />
path_group SKYPE_FILES /home/\*/.Skype/\*<br />
path_group SKYPE_FILES /home/\*/.config/Skype/\*<br />
path_group SKYPE_FILES /usr/share/skype/\*<br />
path_group SKYPE_FILES /tmp/skype-\*/\{\*\}/\*<br />
path_group SKYPE_FILES /home/\*/Downloads/tmp/\{\*\}/\*<br />
path_group SKYPE_FILES /home/\*/Downloads/tmp/\*<br />
path_group ICONS_DIRS /usr/share/icons/\{\*\}/<br />
path_group ICONS_FILES /usr/share/icons/\{\*\}/\*<br />
path_group ICONS_FILES /usr/share/icons/\*<br />
initialize_domain /usr/bin/skype from any<br />
initialize_domain /usr/lib32/skype/skype from any}}<br />
<br />
Note that {{ic|/home/*/Downloads/tmp}} folders are the only folders to which Skype will be able to save received files and from which it will be able to send all files.<br />
<br />
* Then open {{ic|/etc/tomoyo/domain_policy.conf}} and add the following lines:<br />
<br />
{{bc|1=<kernel> /usr/bin/skype<br />
use_profile 3<br />
use_group 0<br />
<br />
misc env \*<br />
file read /bin/bash<br />
file read /usr/bin/bash<br />
file read/write /dev/tty<br />
file read /usr/lib/locale/locale-archive<br />
file read /usr/lib/gconv/gconv-modules<br />
file read /usr/bin/skype<br />
file read /usr/lib32/skype/skype<br />
file execute /usr/lib32/skype/skype exec.realpath="/usr/lib32/skype/skype" exec.argv[0]="/usr/lib32/skype/skype"<br />
<br />
<kernel> /usr/lib32/skype/skype<br />
use_profile 3<br />
use_group 0<br />
<br />
file append /dev/snd/pcm\*<br />
file chmod /home/\*/.Skype/ 0700<br />
file create /home/\*/.cache/fontconfig/\* 0600-0666<br />
file create /tmp/qtsingleapp-\*-lockfile 0600-0666<br />
file create @SKYPE_FILES 0600-0666<br />
file create /dev/shm/pulse-shm-\* 0700-0777<br />
file execute /usr/bin/firefox<br />
file execute /usr/bin/gnome-open<br />
file execute /usr/bin/notify-send<br />
file execute /usr/bin/opera<br />
file execute /usr/bin/xdg-open<br />
file ioctl /dev/snd/\* 0-0xFFFFFFFFFFFFFFFF<br />
file ioctl /dev/video0 0-0xFFFFFFFFFFFFFFFF<br />
file ioctl anon_inode:inotify 0x541B<br />
file ioctl socket:[family=1:type=2:protocol=0] 0x8910<br />
file ioctl socket:[family=1:type=2:protocol=0] 0x8933<br />
file ioctl socket:[family=2:type=1:protocol=6] 0x541B<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x541B<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8912<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8927<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8B01<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8B1B<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8B15<br />
file ioctl socket:[family=2:type=2:protocol=17] 0x8B05<br />
file link/rename /home/\*/.cache/fontconfig/\* /home/\*/.cache/fontconfig/\*<br />
file mkdir /home/\*/.cache/fontconfig/\* 0600<br />
file mkdir @SKYPE_DIRS 0700-0777<br />
file mksock /tmp/qtsingleapp-\* 0755<br />
file read /dev/urandom<br />
file read/write/unlink/truncate /dev/shm/pulse-shm-\*<br />
file read /etc/fonts/conf.avail/\*.conf<br />
file read /etc/fonts/conf.d/\*.conf<br />
file read /etc/fonts/fonts.conf<br />
file read /etc/group<br />
file read /etc/host.conf<br />
file read /etc/hosts<br />
file read /etc/machine-id<br />
file read /etc/nsswitch.conf<br />
file read /etc/resolv.conf<br />
file read /home/\*/.ICEauthority<br />
file read /home/\*/.XCompose<br />
file read /home/\*/.Xauthority<br />
file read /home/\*/.Xdefaults<br />
file read /home/\*/.fontconfig/\*<br />
file read /home/\*/.config/fontconfig/\*<br />
file read /home/\*/.config/pulse/cookie<br />
file read /usr/lib/locale/locale-archive<br />
file read /usr/lib32/gconv/UTF-16.so<br />
file read /usr/lib32/gconv/gconv-modules<br />
file read /usr/lib32/libv4l/v4l2convert.so<br />
file read /usr/lib32/libv4l/plugins/libv4l-mplane.so<br />
file read /usr/lib32/pulseaudio/libpulsecommon-5.0.so<br />
file read /usr/lib32/qt/plugins/bearer/libq\*bearer.so<br />
file read /usr/lib32/qt/plugins/iconengines/libqsvgicon.so<br />
file read /usr/lib32/qt/plugins/imageformats/libq\*.so<br />
file read /usr/lib32/qt/plugins/inputmethods/libqimsw-multi.so<br />
file read /usr/lib32/skype/skype<br />
file read /usr/share/X11/locale/\*/Compose<br />
file read /usr/share/X11/locale/\*/XLC_LOCALE<br />
file read /usr/share/X11/locale/compose.dir<br />
file read /usr/share/X11/locale/locale.alias<br />
file read /usr/share/X11/locale/locale.dir<br />
file read /usr/share/alsa/alsa.conf<br />
file read /usr/share/alsa/cards/\*.conf<br />
file read /usr/share/alsa/pcm/\*.conf<br />
file read /usr/share/fonts/\*/\*/\*<br />
file read /usr/share/locale/\*/LC_MESSAGES/\*.mo<br />
file read /usr/share/ca-certificates/mozilla/\*.crt<br />
file read /var/cache/fontconfig/\*.cache-4<br />
file read @ICONS_FILES<br />
file read proc:/sys/vm/overcommit_memory<br />
file read /sys/devices/\*/\*/\*/\*/\*/modalias<br />
file read /sys/devices/\*/\*/\*/\*/\*/video4linux/video0/dev<br />
file read /sys/devices/\*/\*/\*/\*/idProduct<br />
file read /sys/devices/\*/\*/\*/\*/idVendor<br />
file read /sys/devices/\*/\*/\*/\*/speed<br />
file read /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq<br />
file read /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq<br />
file read /sys/devices/system/cpu/online<br />
file read/write /dev/snd/\*<br />
file read/write /dev/video0<br />
file read/write/truncate /home/\*/.config/Trolltech.conf<br />
file read/write/unlink /home/\*/.cache/fontconfig/\*<br />
file read/write/unlink /tmp/qtsingleapp-\*<br />
file read/write/unlink/truncate @SKYPE_FILES<br />
file rename @SKYPE_DIRS @SKYPE_DIRS<br />
file rename @SKYPE_FILES @SKYPE_FILES<br />
file rmdir @SKYPE_DIRS<br />
misc env \*<br />
network inet dgram bind 0.0.0.0 0-65535<br />
network inet dgram bind 127.0.0.1 0<br />
network inet dgram bind/send 0.0.0.0-255.255.255.255 0-65535<br />
network inet stream bind/listen 0.0.0.0 0-65535<br />
network inet stream connect 0.0.0.0-255.255.255.255 0-65535<br />
network unix stream bind/listen/connect /tmp/qtsingleapp-\*<br />
network unix stream connect /tmp/.ICE-unix/\*<br />
network unix stream connect /var/run/dbus/system_bus_socket<br />
network unix stream connect /var/run/nscd/socket<br />
network unix stream connect \000/tmp/.ICE-unix/\*<br />
network unix stream connect \000/tmp/.X11-unix/X0<br />
network unix stream connect \000/tmp/dbus-\*<br />
network unix stream connect /run/user/1000/pulse/native<br />
<br />
<kernel> /usr/lib32/skype/skype /usr/bin/xdg-open<br />
use_profile 0<br />
use_group 0<br />
<br />
<kernel> /usr/lib32/skype/skype /usr/bin/gnome-open<br />
use_profile 0<br />
use_group 0<br />
<br />
<kernel> /usr/lib32/skype/skype /usr/bin/notify-send<br />
use_profile 0<br />
use_group 0}}<br />
<br />
* After finishing editing reload TOMOYO config files by executing these commands:<br />
<br />
{{bc|# tomoyo-loadpolicy -df < /etc/tomoyo/domain_policy.conf<br />
# tomoyo-loadpolicy -ef < /etc/tomoyo/exception_policy.conf}}<br />
<br />
Skype is now sandboxed.<br />
<br />
Please note that this config is generated on 64-bit Arch system, and some of your ioctls and library paths may differ from mentioned above. So in order to fine-tune TOMOYO config for your Skype [[start]] {{ic|tomoyo-auditd.service}}.<br />
<br />
Then go to {{ic|/var/log/tomoyo}} folder and start watching {{ic|reject_003.log}}:<br />
<br />
$ tail -f reject_003.log<br />
<br />
The output of this command will show you rejected actions for Skype, so you will be able to add them to {{ic|domain_policy.conf}} file if needed.<br />
<br />
See [http://tomoyo.sourceforge.jp/2.5/index.html.en] for a detailed guide to TOMOYO configuration.<br />
<br />
=== Troubleshooting ===<br />
<br />
==== GUI does not match GTK Theme ====<br />
<br />
See [[Uniform look for Qt and GTK applications]] for information about theming Qt based applications like [[VirtualBox]] or Skype. Also, you may need to install the {{aur|lib32-gtk-engines}} package.<br />
<br />
==== Test call fails ====<br />
<br />
Call to Echo Test Service can fail with error "call failed" when the user profiles are usually corrupt. Solution is to remove the profile and file and re-add your account in Skype as seen in Ubuntu Forums.<br />
<br />
# rm ~/.Skype/ -rf<br />
<br />
==== No video with GSPCA webcams ====<br />
<br />
Firstly, remove the Skype configuration directory. Otherwise preloading V4L libraries (see below) will not help, because old settings will override preloaded libraries. Note that all personal account settings will be lost.<br />
<br />
rm -rf ~/.Skype<br />
<br />
For i686, install {{Pkg|v4l-utils}}, userspace tools and conversion library for Video 4 Linux, and run Skype with<br />
<br />
LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype<br />
<br />
to start Skype with v4l1 compatibility.<br />
<br />
For x86_64, install {{Pkg|lib32-v4l-utils}} from [multilib] repository and run Skype with<br />
<br />
LD_PRELOAD=/usr/lib32/libv4l/v4l1compat.so skype<br />
<br />
To make it running from DE menus and independent of Skype updates, you can add alias (e.g. in {{ic|~/.bashrc}}):<br />
<br />
alias skype='LD_PRELOAD=/usr/''libxx''/libv4l/v4l1compat.so skype'<br />
<br />
where ''libxx'' should be edited as appropriate.<br />
<br />
==== No video with Compiz ====<br />
<br />
Try launching Skype setting an environment variable like this:<br />
<br />
$ XLIB_SKIP_ARGB_VISUALS=1 skype<br />
<br />
====Skype does not use a GTK+ theme, even though other Qt apps do====<br />
<br />
Recent versions of Skype allow you to change the theme via the Options menu. However, selecting the GTK+ option may not work properly. This is probably because you do not have a 32-bit theme engine installed. Try to find the engine your theme uses in the multilib repository or the [[AUR]]. If you have no idea which engine your theme is using, the easiest fix is to install {{AUR|lib32-gtk-engines}}. This does however contain quite a lot of packages, so the best would be to find and install only the needed package.<br />
<br />
{{Note|You may not have to install {{AUR|lib32-gtk-engines}}. First try if the following steps work for you if you only install ''lib32-gtk2'' and a GTK+2 theme respectively. See also the [https://bbs.archlinux.org/viewtopic.php?pid&#61;1200975#p1200975 forums].}}<br />
<br />
Once installed, it will still not work unless you have a 32-bit version of GConf installed. You could build and install {{Pkg|lib32-gconf}} if desired, but there is an easier workaround. First, create or edit {{ic|~/.gtkrc-2.0}} so that it contains the following line:<br />
<br />
$ gtk-theme-name = "''My theme''"<br />
<br />
Replace ''My theme by'' the name of your theme, but leave the quotes. Second, run Skype like this:<br />
<br />
$ export GTK2_RC_FILES="/etc/gtk-2.0/gtkrc:$HOME/.gtkrc-2.0"<br />
$ skype<br />
<br />
The GTK+ theme should now appear correctly. You can make this permanent either by running Skype from a script containing the above 2 lines, or by exporting GTK2_RC_FILES in {{ic|~/.xprofile}} or {{ic|~/.xinitrc}}, depending on how you start X.<br />
<br />
If you cannot change the theme in the Options menu, run Skype using the following command:<br />
<br />
$ /usr/bin/skype --disable-cleanlooks -style GTK<br />
<br />
If you wish menus within desktop environments to load Skype with a GTK+ theme by default then modify the 'Exec' line of {{ic|/usr/share/applications/skype.desktop}} so that it reads:<br />
<br />
$ Exec=/usr/bin/skype --disable-cleanlooks -style GTK<br />
<br />
Similarly if you have set Skype to autostart then modify {{ic|~/.config/autostart/skype.desktop}} in the same way.<br />
<br />
==== No incoming video stream ====<br />
<br />
If skype shows a black square for the video preview, but something else (like {{ic|xawtv -c /dev/video0}}) shows video correctly, you might need to start Skype with:<br />
<br />
export XLIB_SKIP_ARGB_VISUALS=1 && skype<br />
<br />
Another possible workaround is to preload ''v4l1compat.so'':<br />
<br />
LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so skype<br />
<br />
A further alternative is:<br />
<br />
cd /usr/lib/lib32/libv4l && LD_PRELOAD=v4l1compat.so skype;<br />
<br />
==== Monster/low-octave "growling" distortion over mic ====<br />
<br />
Some users with newer kernels are experiencing a monster-like growling distortion of their sound stream on the other end of Skype. This can be fixed by creating a dummy ALSA device or by removing {{ic|~/.Skype/shared.xml}}. See https://bbs.archlinux.org/viewtopic.php?pid=819500#p819500 for more information.<br />
<br />
==== Crackling/noisy sound (mainly using 64-bit OS) ====<br />
<br />
=====Solution 1=====<br />
<br />
With root privileges, edit the {{ic|/usr/bin/skype}} script to add the {{ic|PULSE_LATENCY_MSEC}} variable, changing this line:<br />
<br />
exec "$LIBDIR/skype/skype" "$@"<br />
<br />
to this:<br />
<br />
PULSE_LATENCY_MSEC=60 exec "$LIBDIR/skype/skype" "$@"<br />
<br />
=====Solution 2=====<br />
<br />
Edit {{ic|/etc/pulse/default.pa}} and change the following line<br />
<br />
load-module module-udev-detect<br />
<br />
to<br />
<br />
load-module module-udev-detect tsched=0<br />
<br />
See also: [[PulseAudio/Troubleshooting#Glitches, skips or crackling]].<br />
<br />
==== Skype sounds stops media player or other sound sources ====<br />
<br />
You can try commenting out the following modules in {{ic|/etc/pulse/default.pa}}<br />
#load-module module-role-cork<br />
<br />
Finally you have to restart pulseaudio:<br />
<br />
$ pulseaudio --kill<br />
$ pulseaudio --start<br />
<br />
If restarting does not solve the sound problem try to log out and log in again.<br />
<br />
If that does not help, you can try changing flat-volumes to no in {{ic|/etc/pulse/daemon.conf}}.<br />
flat-volumes = no<br />
<br />
If that still does not work, you can manually unload the module:<br />
<br />
$ pactl unload-module module-role-cork<br />
<br />
==== You are already signed in on this computer ====<br />
<br />
If Skype is closed without the dc.lock file being deleted, it will fail to log back in.<br />
<br />
To fix this, close Skype and run:<br />
<br />
$ rm ~/.Skype/shared_dynco/dc.lock<br />
<br />
==== Empty white screen window ====<br />
<br />
If you get a white empty window when launching skype, try to autologin like this instead:<br />
<br />
$ echo ''username'' ''password'' | skype --pipelogin<br />
<br />
==== Skype doesn't output any sound after upgrading PulseAudio ====<br />
<br />
Currently, Skype doesn't work PulseAudio 9.0 {{ic|enable-memfd}} option, you have to make sure it's disabled in {{ic|/etc/pulse/daemon.conf}}.<br />
<br />
==== Skype outputs only UI sounds, but no voice/microphone ====<br />
<br />
This might be caused by the wrong sound card being selected for {{aur|skypeforlinux-bin}}. Try ''Tools > Audio & Video settings'' and choose 'Default device'. (You can make a test call there as well to verify the settings). Also, make sure you have pulseaudio installed.<br />
<br />
==== Skype does not remember credentials/freezes after entering password ====<br />
<br />
The "new" Skype ({{aur|skypeforlinux}} and {{aur|skypeforlinux-bin}}) stores the user name/password in a [[GNOME Keyring]], so make sure you have it properly set up.<br />
<br />
Note also that skype cannot work with {{Pkg|libsecret}}, it instead relies on the (deprecated) {{Pkg|libgnome-keyring}} library. If it is not installed, the UI will just freeze after the login page.<br />
<br />
== Skype plugin for Pidgin ==<br />
<br />
See [[Pidgin#Skype plugin]].</div>Carlosvin