site
contact
newsPulseaudio Unix Domain Socket works in container
I posted today about the simpler TCP method:
https://bkhome.org/news/202111/pulseaudio-support-multiple-uses-with-tcp.html
And earlier about Unix Domain Sockets:
https://bkhome.org/news/202111/disable-pulseaudio-idle-exit-and-support-multiple-users.html
A note about that second blog post: I reported the hack of creating a
symlink /run/pulse/native to /tmp/pulse-socket, however, I found that
creating two separate sockets works. This in /etc/pulse/default.pa:
load-module module-native-protocol-unix
load-module module-native-protocol-unix auth-group=audio socket=/tmp/pulse-socket
To get sound working in the firefox container, I created this
one-line file,
/mnt/wkg/containers/firefox/root/.config/pulse/client.conf:
default-server = unix:/tmp/pulse-socket
Then in /usr/local/easy_containers/ec-chroot can, if audio is
enabled, bind /tmp/pulse-socket into the container. This is the
invocation that runs the container:
DISPLAY=:0 pflask --mount=bind:/mnt/sdc2/easyos/files/shared:/mnt/wkg/files/shared --keepenv \
--mount=bind:/tmp/.X11-unix/X0:/tmp/.X11-unix/X0 --no-ipcns --no-netns --mount=bind:/dev/snd:/dev/snd \
--mount=bind:/dev/mixer:/dev/mixer --mount=bind:/tmp/pulse-socket:/tmp/pulse-socket \
--caps=all,-sys_mount,-sys_admin,-sys_boot,-sys_chroot,-sys_ptrace,-sys_time,-sys_tty_config,-chown,-kill,-dac_override,-dac_read_search,-fowner,-setfcap,-setpcap,-net_admin,-mknod,-sys_module,-sys_nice,-sys_resource \
--no-userns --chroot=/mnt/sdc2/easyos/containers/firefox/container -- /.control/ec-run firefox
EasyContainers uses the 'pflask' utility, that chroots into the
container, imposing lots of security restrictions. The highlighted text
shows how the pulseaudio socket is bound into the container -- yay it
works!
Tags: easy