i-rinat / apulse

PulseAudio emulation for ALSA
MIT License

sandbox blocks open in firefox 54 #54

Closed Hello71 closed 7 years ago

Hello71 commented 7 years ago

open("/dev/snd/controlC0", O_RDWR) is blocked by sandbox. workaround: set security.sandbox.content.write_path_whitelist to /dev/snd/controlC0,/dev/snd/pcmC0D0p.

possible things to do in apulse:

  1. pre-initialize ALSA before forking?
  2. hackaround the sandbox
  3. print better error messages (if possible), document this issue

kshade commented 7 years ago

Thank you for the workaround, I've had this issue as well. apulse 0.1.10 with Firefox 54.0 on Gentoo.

i-rinat commented 7 years ago

hackaround the sandbox

I don't think using some kind of sandbox bypassing technique is the right direction to go. It should be possible to, say, create symlinks to files in /dev/snd/ somewhere else, and use a custom version of libasound.so.2 with the paths changed. There is no way to change them dynamically, since they are hardcoded during the build process. Or to create a preloaded library that intercepts open() to redirect accesses to /dev/snd/* to some other paths. In both cases a separate preloaded library should create the symlinks. But all that looks cumbersome and wrong.

pre-initialize ALSA before forking?

According to my understanding of ALSA operation, it won't work. Apulse opens separate ALSA device instances for every PA stream to offload resampling and mixing to standard ALSA plugins. I think it's possible to open one playback and one capture stream at loading time, and perform resampling and mixing inside apulse. But that is reinventing PulseAudio, just in single-application mode. There will be two mixing/resampling points: one in apulse, and one in ALSA's dmix.

print better error messages (if possible), document this issue

Since it's possible to add one's own exceptions to the Firefox sandbox, I'll go this way. For now, a generic message is added in 38952401014b0f304858a384e771264054a2adac.

i-rinat commented 7 years ago

security.sandbox.content.write_path_whitelist

By the way, this setting accepts not only a list of files, but also directories. If you add /dev/snd/ there, all files in the /dev/snd directory will be accessible for reading and writing. The / character at the end of /dev/snd/ is essential. All paths ending with / are considered directories.
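
Added example, not part of the thread or of apulse: a small audit of a Firefox prefs file that lists what security.sandbox.content.write_path_whitelist opens up, using the trailing-slash rule described above. The function names, the sample prefs text and the choice of /dev/snd/ as the only expected location are assumptions made for this example.

```python
import posixpath
import re

PREF = "security.sandbox.content.write_path_whitelist"
# user_pref("name", "string value"); as written in prefs.js / user.js
PREF_RE = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;')

# Constructed sample, not taken from the thread.
SAMPLE = '''\
// constructed user.js
user_pref("browser.startup.page", 3);
user_pref("security.sandbox.content.write_path_whitelist", "/dev/snd/controlC0,/dev/snd/,/dev/snd,/home/user/");
'''

def whitelist_entries(prefs_text):
    """Return the comma-separated paths of the whitelist pref (last setting wins)."""
    value = ""
    for line in prefs_text.splitlines():
        if line.lstrip().startswith("//"):
            continue  # skip comment lines
        m = PREF_RE.search(line)
        if m and m.group(1) == PREF:
            value = m.group(2)
    return [p.strip() for p in value.split(",") if p.strip()]

def audit(prefs_text, expected_prefix="/dev/snd/"):
    """Classify each entry as file or directory and flag entries outside expected_prefix."""
    report = []
    for path in whitelist_entries(prefs_text):
        is_dir = path.endswith("/")  # per the thread: a trailing / marks a directory
        # Normalise so that "/dev/snd/../" is not mistaken for an ALSA path.
        norm = posixpath.normpath(path) + ("/" if is_dir else "")
        # Assumption: only paths under /dev/snd/ are needed for apulse.
        verdict = "ok" if norm.startswith(expected_prefix) else "review"
        report.append((path, "directory" if is_dir else "file", verdict))
    return report

if __name__ == "__main__":
    for path, kind, verdict in audit(SAMPLE):
        print(f"{verdict:6} {kind:9} {path}")
```

An entry of /dev/snd without the trailing slash is reported for review, since it is treated as a single file and does not grant access to the device nodes inside the directory.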

kshade commented 7 years ago

Would the best thing then be to document this and tell distributors to maybe put it in their default configs?

i-rinat commented 7 years ago

to document this

Hope this will be enough: https://github.com/i-rinat/apulse/commit/ee63fd3bffcd856f5d3c591f1b9ee5ff56afbc81#diff-04c6e90faac2675aa89e2176d2eec7d8R152

and tell distributors to maybe put it in their default configs?

Additional preferences shouldn't do any harm. But if a distro maintainer cares enough about ALSA, it's easier to add ac_add_options --enable-alsa to the Firefox build options and build it with ALSA support enabled. Firefox devs actually added a sandbox exception for ALSA device paths. But it's there only for --enable-alsa builds [1].

[1] See file /security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp, search for "/dev/snd".

Hello71 commented 7 years ago

seems good enough. hackarounds sound ugly even to me, and reimplementing alsa-lib sounds not fun. would be easier to just patch firefox if it were really needed.