In email correspondence, David said that we should disable access to the cli and dbus-sockets and only allow access to native. This has been added to policy. With a pending kernel patch, those avenues will be fixed. David also said that with the native socket, apps can load pulse system modules. That is sufficient for 13.10, but we will likely want to add security hooks to pulse going forward. I'll mark the saucy task as "Won't Fix" for now. We can define work items for mediating module load down the line.