Open ghost opened 7 years ago
hishamhm
commented
7 years ago For me what solved the issue was adding /dev/snd/controlC0,/dev/snd/pcmC0D0p to security.sandbox.content.write_path_whitelist in about:config and I also did sudo chmod 0777 /dev/snd/* just in case but I'm not sure if that was necessary.
i-rinat
commented
7 years ago @shevegen
I already modified security.sandbox.content.write_path_whitelist in about:config
Just to be sure: you need to add /dev/snd/ there. It's important to keep / at the end. It says Firefox that the directory /dev/snd and all files in it should be added to the white list.
should I do "apulse firefox"?
Yep. That should be enough.
i-rinat
commented
7 years ago @hishamhm
adding
/dev/snd/controlC0,/dev/snd/pcmC0D0ptosecurity.sandbox.content.write_path_whitelist
If code that parses the string in Firefox sees trailing /, the path is added to the whitelist as a directory:
sudo chmod 0777 /dev/snd/*just in case
Should not be necessary. As far as I understand either user is in audio group, and then they have rights to read-write to those files. Or there is Policykit running, which adds required permissions (ACLs) on the go.
keithbowes
commented
7 years ago I tried both adding /dev/snd/ to security.sandbox.content.write_path_whitelist and changing the permissions of /dev/snd/*. Neither worked. But eh, without installing pulseaudio, at least I can still watch Netflix through Pipelight, with audio and everything (until Mozilla rips out plugins, that is).
cbirchinger
commented
7 years ago "security.sandbox.content.level" reduced to 2 and security.sandbox.content.write_path_whitelist set to "/dev/snd/" works. Maybe the level 3 features of "security.sandbox.content.level" got added recently. I did my tests with Firefox 57 beta. The difference between level 2 and 3 are "Read access to most of the filesystem". Source: https://wiki.mozilla.org/Security/Sandbox
So maybe "security.sandbox.content.read_path_whitelist" would also need some entries if level 3 is activated. I've already tried adding /dev/snd/ and it wasn't enough.
Update: I've tried adding my home .asoundrc to "security.sandbox.content.read_path_whitelist" and while that wasn't enough and it opened a can of worms regarding even more ALSA permission denied messages. It definitely shows the issue is missing read access caused by a possible new Firefox sandboxing feature activated within "security.sandbox.content.level" = 3.
Update2: Depending on your ALSA config, it requires read access to .asoundrc and all files you reference (i.e. include) in there. So i assume people who have issues, use a .asoundrc in their home. Adding all personal ALSA config files to "security.sandbox.content.read_path_whitelist" fixes the issue.
i-rinat
commented
7 years ago Sandbox code in Firefox has logging capabilities. If you set environment variable MOZ_SANDBOX_LOGGING=1 before starting Firefox, it will print what system call it tries to make, and what are forbidden. May help debugging.
patrickdepinguin
commented
7 years ago After updating to Firefox 57, could no longer play audio, on e.g. mynoise.net. Problem was solved after adding '/dev/snd/' to security.sandbox.content.write_path_whitelist, with no other changes. Thanks!
Could a complete example be added, how to run firefox with sound on youtube please?
This would help me I think. I already modified security.sandbox.content.write_path_whitelist in about:config but I am not sure what else to do ... should I do "apulse firefox"? Would this then work for youtube audio?
Perhaps this would be helpful for more people in general.
I tried to do "apulse firefox" and it is starting but when trying to play audio in the videos I get:
[apulse] [error] do_connect_pcm: can't get initial hw parameters for playback device "default". Error code 1 (Operation not permitted) [apulse] [error] do_connect_pcm: failed to open ALSA device. Apulse does no resampling or format conversion, leaving that task to ALSA plugins. Ensure that selected device is capable of playing a particular sample format at a particular rate. They have to be supported by either hardware directly, or by "plug" and "dmix" ALSA plugins which will perform required conversions on CPU. [apulse] [error] do_connect_pcm: can't get initial hw parameters for playback device "default". Error code 1 (Operation not permitted) [apulse] [error] do_connect_pcm: failed to open ALSA device. Apulse does no resampling or format conversion, leaving that task to ALSA plugins. Ensure that selected device is capable of playing a particular sample format at a particular rate. They have to be supported by either hardware directly, or by "plug" and "dmix" ALSA plugins which will perform required conversions on CPU.
And I am not sure what to do...
Thanks for reading!