Difference between revisions of "Talk:Skype"

From ArchWiki
Jump to: navigation, search
(%wheel ALL=(skype) NOPASSWD: /usr/bin/skype: new section)
(Systemd-nspawn security: new section)
 
(55 intermediate revisions by 17 users not shown)
Line 1: Line 1:
 +
== Skype phones ==
 +
 
What about skype phones?  Is there a way to make them work with Linux?  For instance, I have a Philips voip0801B/37.  Are there open source drivers for these sort of things? -- [[User:Kc8tpz|Kc8tpz]] 11:58, October 1, 2007‎
 
What about skype phones?  Is there a way to make them work with Linux?  For instance, I have a Philips voip0801B/37.  Are there open source drivers for these sort of things? -- [[User:Kc8tpz|Kc8tpz]] 11:58, October 1, 2007‎
  
Line 6: Line 8:
 
:-- [[User:Dextrose|Dextrose]] 19:11, September 11, 2008‎
 
:-- [[User:Dextrose|Dextrose]] 19:11, September 11, 2008‎
  
== Troubleshooting ==
+
== %wheel ALL=(skype) NOPASSWD: /usr/bin/skype ==
  
Hello, I've just found out that changing the permissions of libpulse, as the wiki recommends, breaks mplayer. I don't know if this is a peculiarity of my setup -- I doubt it --, but I would encourage other wiki users to try if this is the case, and if it is the section should be ammended. -- [[User:Manolomartinez|Manolomartinez]] 11:52, February 22, 2012‎
+
I have found that Skype runs as a special user if '%skype' is used instead of '%wheel'.  
  
== Skype-OSS Sound (Pre-2.0) ==
+
{{Unsigned|11:05, 13 October 2012‎|Slr}}
  
"If you have a recent version of Skype, this will not work and is not needed, look at the "important notes" on start of this page." -- the "important notes" section seems missing. -- [[User:Zag|Zag]] 13:13, August 6, 2012‎
+
== Tomoyo ==
  
== %wheel ALL=(skype) NOPASSWD: /usr/bin/skype ==
+
I tried to secure Skype following the [https://wiki.archlinux.org/index.php/Skype#TOMOYO instructions in the article]. Unfortunately it didn't work. Now i fixed it. For me to work, I needed a few modifications:
 +
 
 +
I added the following content to {{ic|/etc/tomoyo/domain_policy.conf}}
 +
{{bc|
 +
file read /usr/share/locale/\*/LC_MESSAGES/\*
 +
file read /usr/lib/gconv/\*}}
 +
Otherwise skype doesn't adapt to the system language.
 +
 
 +
Furthermore just appending the in the article mentioned entries to {{ic|/etc/tomoyo/exception_policy.conf}} doesn't work. Tomoyo didn't respect the lines {{bc|initialize_domain /usr/bin/skype from any
 +
initialize_domain /usr/lib32/skype/skype from any}} Therefore I moved them to the already existing entries of the form {{ic|initialize_domain *}} in the configuration file. If this is also true for others, it might be a good idea to modify the article at least mentioning the latter one. Or perhaps it's a bug in tomoyo? --[[User:Marcus-aurelius|Marcus-aurelius]] ([[User talk:Marcus-aurelius|talk]]) 09:50, 8 June 2013 (UTC)
 +
 
 +
== systemd-nspawn ==
 +
 
 +
I fixed systemd-nspawn script a bit but I still can't make PulseAudio and my webcam work in the container. -- [[User:Yellow block|Yellow block]] ([[User talk:Yellow block|talk]]) 20:05, 19 October 2015 (UTC)
 +
 
 +
== grsec profile ==
 +
 
 +
Is there any grsec profile available? Thanks in advance,--[[User:Xan|Xan]] ([[User talk:Xan|talk]]) 18:09, 13 March 2015 (UTC)
 +
If you whitelist "em" for /usr/share/skypeforlinux/skypeforlinux, the GUI loads just fine. Video calls and everything load no problem [[User:tancrackers|tancrackers]] ([[User talk:tancrackers|talk]]) 23:20, October 25, 2016 (UTC)
 +
 
 +
== Skype hangs while logging in - missing dependency ==
 +
 
 +
Not sure if this is the right place to post this.
 +
 
 +
Skype might hang while logging in - the wheel will spin showing it's working, but it won't log in or display the main window. This is because it's missing libgnomeui - if you install this package it works perfectly. This should thus probably be a dependency.
 +
 
 +
:Please file a bug: https://bugs.archlinux.org -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 07:08, 21 August 2015 (UTC)
 +
 
 +
== <s>Docker</s> ==
 +
 
 +
I think Docker could also be used to run skype in a save environment. What do you think? {{Unsigned|27 August 2015‎|Ph1r3ph0x}}
 +
 
 +
:See [https://wiki.archlinux.org/index.php?title=Skype&diff=390529&oldid=389735]. — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 07:56, 28 August 2015 (UTC)
 +
 
 +
::Skype runs unprivileged within the container and the article talks about privileged processes. If we find this way insecure because base container system can be exploited, "systemd-nspawn" and "Use Skype with special user" sections should also be removed. Personally I think this level of sandboxing is good enough for many people. We can put a warning that the sandboxing is not 100% bullet-proof though. — [[User:Yellow block|Yellow block]] ([[User talk:Yellow block|talk]]) 07:07, 26 October 2015 (UTC)
 +
 
 +
:::I agree with you, honestly I also think that generic warnings about vulnerabilities are a bit useless, after all they can be everywhere... Maybe some words should be better spent in the [[Docker]] article itself. What about also reintroducing the [https://wiki.archlinux.org/index.php?title=Skype&oldid=389735#Docker previous] instructions as an alternative? — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 10:33, 27 October 2015 (UTC)
 +
 
 +
:::: Okay, I expanded the section a little. I can add some information about security into "Securing Skype" introduction after I collect relevant URLs. — [[User:Yellow block|Yellow block]] ([[User talk:Yellow block|talk]]) 08:18, 28 October 2015 (UTC)
 +
 
 +
:::::Uh thanks, although actually I don't see the need to duplicate the detailed installation instructions in this article, personally I liked it better when there was just a link to the image and the upstream instructions. Also, there are [https://hub.docker.com/search/?q=skype&page=1&isAutomated=0&isOfficial=0&pullCount=0&starCount=0 many] Skype images, maybe it's more fair to give more generalized instructions here and point users to the external manuals.
 +
:::::That said, it will be very interesting if you expand the article on security.
 +
:::::— [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 14:56, 30 October 2015 (UTC)
 +
 
 +
::::::I made the suggested corrections but left info about sameersbn image. I tried a few others and they didn't work very well or required separate container with Pulseaudio. This one is tested and offers more features and he even fixed a bug for me quickly. — [[User:Yellow block|Yellow block]] ([[User talk:Yellow block|talk]]) 20:04, 1 November 2015 (UTC)
 +
 
 +
:::::::Looks good to me, well done :) Do you still want to further expand the article? Otherwise you can close this discussion. — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 13:53, 3 November 2015 (UTC)
 +
 
 +
::::::::No follow-up, closing. -- [[User:Alad|Alad]] ([[User talk:Alad|talk]]) 19:53, 9 August 2016 (UTC)
 +
 
 +
== Sound ==
 +
 
 +
I'd like to add something like this at the end of the section:
 +
 
 +
"If you're using an application launcher that uses the $PATH (like dmenu) variables, you might want to change exec line in the file /usr/bin/skype directly like this (remember to make a backup before!):
 +
 
 +
  exec /usr/bin/apulse "$LIBDIR/skype/skype" "$@"
 +
 
 +
[[User:Freebe|Freebe]] ([[User talk:Freebe|talk]]) 11:12, 11 November 2015 (UTC)
 +
 
 +
:Hi, I suppose you're referring to the [[Skype#Skype sound]] section. The modification you suggest would not survive a package upgrade, if I were you I'd use a shell alias for the ''skype'' command, maybe that's something worth adding to the article. See [[Dmenu#Support_for_shell_aliases]] for having dmenu see aliases (you may want to reupload the package to AUR). Alternatively, you can try to put a new wrapping script in the PATH, like {{ic|/usr/local/bin/paskype}} that in turn launches skype with apulse. — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 03:05, 12 November 2015 (UTC)
 +
 
 +
== Skype web version as a Chromium app ==
 +
 
 +
What do you think of adding a new short section, after "Skype for Linux Alpha", that mentions the possibility and details to run "chromium --app='https://web.skype.com/'" as an alternative to the new client? This may be useful to people who do not want to install a binary blob from AUR. [[User:Andreyv|Andreyv]] ([[User talk:Andreyv|talk]]) 09:25, 17 August 2016 (UTC)
 +
 
 +
== Skype legacy version incompatible with new version ==
 +
 
 +
According to https://wiki.debian.org/skype, legacy Skype can not message or call anybody using the new version on any platform. If so, this note should be added to the wiki page here and enough to kill off using the legacy client completely. [[User:Bulletmark|Bulletmark]] ([[User talk:Bulletmark|talk]]) 01:57, 25 October 2016 (UTC)
 +
 
 +
* This seems false. I'm using the legacy version, and I can still call and message people on the most recent OS X version. [[User:Ostiensis|Ostiensis]] ([[User talk:Ostiensis|talk]]) 01:54, 25 October 2016 (UTC)
 +
 
 +
: The old Skype client cannot join [https://support.skype.com/en/faq/FA12361/what-s-new-with-skype-group-chats new style] group chats. There are also some reports of one-on-one video and voice chat no longer working between the old Linux client and some newer clients, but I'm not sure about that. [[User:Lonaowna|Lonaowna]] ([[User talk:Lonaowna|talk]]) 14:26, 25 October 2016 (UTC)
 +
 
 +
== Systemd-nspawn security ==
  
I have found that Skype runs as a special user if '%skype' is used instead of '%wheel'.
+
Hello, can someone provide me more details on how secure systemd-nspawn is?
 +
I have limited knowledge about this but since there is a warning message saying that it is not fully secure, can someone point out a link or something more specific? Maybe a syntax example?
 +
Thank you. [[User:Alex.theoto|Alex.theoto]] ([[User talk:Alex.theoto|talk]]) 18:19, 14 November 2016 (UTC)

Latest revision as of 18:19, 14 November 2016

Skype phones

What about skype phones? Is there a way to make them work with Linux? For instance, I have a Philips voip0801B/37. Are there open source drivers for these sort of things? -- Kc8tpz 11:58, October 1, 2007‎

Hey look if you can make it work as a generic kind/device type.
In regards to the other Linux distributions which would be the most likely to work with Arch? If you look at skype.com you will find packages for Debian, etc.. I've managed to get Flash Player in Arch x64 from using the ndiswrapper scripts from Ubuntu, any idea?
-- Dextrose 19:11, September 11, 2008‎

%wheel ALL=(skype) NOPASSWD: /usr/bin/skype

I have found that Skype runs as a special user if '%skype' is used instead of '%wheel'.

—This unsigned comment is by Slr (talk) 11:05, 13 October 2012‎. Please sign your posts with ~~~~!

Tomoyo

I tried to secure Skype following the instructions in the article. Unfortunately it didn't work. Now i fixed it. For me to work, I needed a few modifications:

I added the following content to /etc/tomoyo/domain_policy.conf

file read /usr/share/locale/\*/LC_MESSAGES/\*
file read /usr/lib/gconv/\*

Otherwise skype doesn't adapt to the system language.

Furthermore just appending the in the article mentioned entries to /etc/tomoyo/exception_policy.conf doesn't work. Tomoyo didn't respect the lines
initialize_domain /usr/bin/skype from any
initialize_domain /usr/lib32/skype/skype from any
Therefore I moved them to the already existing entries of the form initialize_domain * in the configuration file. If this is also true for others, it might be a good idea to modify the article at least mentioning the latter one. Or perhaps it's a bug in tomoyo? --Marcus-aurelius (talk) 09:50, 8 June 2013 (UTC)

systemd-nspawn

I fixed systemd-nspawn script a bit but I still can't make PulseAudio and my webcam work in the container. -- Yellow block (talk) 20:05, 19 October 2015 (UTC)

grsec profile

Is there any grsec profile available? Thanks in advance,--Xan (talk) 18:09, 13 March 2015 (UTC) If you whitelist "em" for /usr/share/skypeforlinux/skypeforlinux, the GUI loads just fine. Video calls and everything load no problem tancrackers (talk) 23:20, October 25, 2016 (UTC)

Skype hangs while logging in - missing dependency

Not sure if this is the right place to post this.

Skype might hang while logging in - the wheel will spin showing it's working, but it won't log in or display the main window. This is because it's missing libgnomeui - if you install this package it works perfectly. This should thus probably be a dependency.

Please file a bug: https://bugs.archlinux.org -- Alad (talk) 07:08, 21 August 2015 (UTC)

Docker

I think Docker could also be used to run skype in a save environment. What do you think? —This unsigned comment is by Ph1r3ph0x (talk) 27 August 2015‎. Please sign your posts with ~~~~!

See [1]. — Kynikos (talk) 07:56, 28 August 2015 (UTC)
Skype runs unprivileged within the container and the article talks about privileged processes. If we find this way insecure because base container system can be exploited, "systemd-nspawn" and "Use Skype with special user" sections should also be removed. Personally I think this level of sandboxing is good enough for many people. We can put a warning that the sandboxing is not 100% bullet-proof though. — Yellow block (talk) 07:07, 26 October 2015 (UTC)
I agree with you, honestly I also think that generic warnings about vulnerabilities are a bit useless, after all they can be everywhere... Maybe some words should be better spent in the Docker article itself. What about also reintroducing the previous instructions as an alternative? — Kynikos (talk) 10:33, 27 October 2015 (UTC)
Okay, I expanded the section a little. I can add some information about security into "Securing Skype" introduction after I collect relevant URLs. — Yellow block (talk) 08:18, 28 October 2015 (UTC)
Uh thanks, although actually I don't see the need to duplicate the detailed installation instructions in this article, personally I liked it better when there was just a link to the image and the upstream instructions. Also, there are many Skype images, maybe it's more fair to give more generalized instructions here and point users to the external manuals.
That said, it will be very interesting if you expand the article on security.
Kynikos (talk) 14:56, 30 October 2015 (UTC)
I made the suggested corrections but left info about sameersbn image. I tried a few others and they didn't work very well or required separate container with Pulseaudio. This one is tested and offers more features and he even fixed a bug for me quickly. — Yellow block (talk) 20:04, 1 November 2015 (UTC)
Looks good to me, well done :) Do you still want to further expand the article? Otherwise you can close this discussion. — Kynikos (talk) 13:53, 3 November 2015 (UTC)
No follow-up, closing. -- Alad (talk) 19:53, 9 August 2016 (UTC)

Sound

I'd like to add something like this at the end of the section:

"If you're using an application launcher that uses the $PATH (like dmenu) variables, you might want to change exec line in the file /usr/bin/skype directly like this (remember to make a backup before!):

 exec /usr/bin/apulse "$LIBDIR/skype/skype" "$@"

Freebe (talk) 11:12, 11 November 2015 (UTC)

Hi, I suppose you're referring to the Skype#Skype sound section. The modification you suggest would not survive a package upgrade, if I were you I'd use a shell alias for the skype command, maybe that's something worth adding to the article. See Dmenu#Support_for_shell_aliases for having dmenu see aliases (you may want to reupload the package to AUR). Alternatively, you can try to put a new wrapping script in the PATH, like /usr/local/bin/paskype that in turn launches skype with apulse. — Kynikos (talk) 03:05, 12 November 2015 (UTC)

Skype web version as a Chromium app

What do you think of adding a new short section, after "Skype for Linux Alpha", that mentions the possibility and details to run "chromium --app='https://web.skype.com/'" as an alternative to the new client? This may be useful to people who do not want to install a binary blob from AUR. Andreyv (talk) 09:25, 17 August 2016 (UTC)

Skype legacy version incompatible with new version

According to https://wiki.debian.org/skype, legacy Skype can not message or call anybody using the new version on any platform. If so, this note should be added to the wiki page here and enough to kill off using the legacy client completely. Bulletmark (talk) 01:57, 25 October 2016 (UTC)

  • This seems false. I'm using the legacy version, and I can still call and message people on the most recent OS X version. Ostiensis (talk) 01:54, 25 October 2016 (UTC)
The old Skype client cannot join new style group chats. There are also some reports of one-on-one video and voice chat no longer working between the old Linux client and some newer clients, but I'm not sure about that. Lonaowna (talk) 14:26, 25 October 2016 (UTC)

Systemd-nspawn security

Hello, can someone provide me more details on how secure systemd-nspawn is? I have limited knowledge about this but since there is a warning message saying that it is not fully secure, can someone point out a link or something more specific? Maybe a syntax example? Thank you. Alex.theoto (talk) 18:19, 14 November 2016 (UTC)