search

netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.73k stars 561 forks source link

No sound in Firefox (with apulse) #1470

Closed Hund closed 7 years ago

Hund commented 7 years ago

I'm running Funtoo with Firefox 54 and Firejail 0.9.46. Since I don't like Pulseaudio, I installed apulse to make the sound work via ALSA instead. The only problem is that I get no sound if I run Firefox with Firejail.

What's wrong?

reinerh commented 7 years ago

apulse uses LD_PRELOAD for calling different functions than intended. And firejail is a suid binary. LD_PRELOAD doesn't work with suid binaries. But using LD_PRELOAD inside the jail should work (though not completely sure).

So it probably depends on how you are starting the browser. ("apulse firejail firefox" vs. "firejail apulse firefox")

Hund commented 7 years ago

The command apulse firejail firefox lets me start Firefox, but I do not get any sound. And the command firejail apulse firefox results in:

Your Firefox profile cannot be loaded. It may be missing or inaccessible.

And the output from the terminal:

$ firejail apulse firefox
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Warning: noroot option is not available

** Note: you can use --noprofile to disable default.profile **

Parent pid 3457, child pid 3458
Child process initialized in 39.82 ms
Error: Access was denied while trying to open files in your profile directory.
SkewedZeppelin commented 7 years ago

Try "firejail --profile=/etc/firejail/firefox.profile" apulse /usr/bin/firefox"

Also please give this a try https://github.com/i-rinat/apulse#access-errors-in-do_connect_pcm

Hund commented 7 years ago

It didn't work.

ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:5007:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/pcm/pcm.c:2495:(snd_pcm_open_noupdate) Unknown PCM default
[apulse] [error] do_connect_pcm: can't open playback device "default". Error code -2 (No such file or directory)
[apulse] [error] do_connect_pcm: failed to open ALSA device. Apulse does no resampling or format conversion, leaving that task to ALSA plugins. Ensure that selected device is capable of playing a particular sample format at a particular rate. They have to be supported by either hardware directly, or by "plug" and "dmix" ALSA plugins which will perform required conversions on CPU.
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:4528:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/conf.c:5007:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.3/work/alsa-lib-1.1.3/src/pcm/pcm.c:2495:(snd_pcm_open_noupdate) Unknown PCM default
[apulse] [error] do_connect_pcm: can't open playback device "default". Error code -2 (No such file or directory)
[apulse] [error] do_connect_pcm: failed to open ALSA device. Apulse does no resampling or format conversion, leaving that task to ALSA plugins. Ensure that selected device is capable of playing a particular sample format at a particular rate. They have to be supported by either hardware directly, or by "plug" and "dmix" ALSA plugins which will perform required conversions on CPU.

Regarding the other link, I'm not sure if I explained myself poorly, but sound works in Frirefox if I don't run it with Firejail. :)

SkewedZeppelin commented 7 years ago

[apulse] [error] do_connect_pcm: can't open playback device "default". Error code -2 (No such file or directory)

But that error you just posted is what that link explains how to solve. Why that error isn't happening outside of Firejail I don't know, but its worth a try

Access errors in do_connect_pcm For example, Firefox now have a sandbox, that blocks file access. It has predefined list of allowed paths, but ALSA devices are not included by default. Fortunately, it's possible to add those path by hand. Add "/dev/snd/" to "security.sandbox.content.write_path_whitelist" parameter in about:config. Note that trailing slash in "/dev/snd/" is required.

Hund commented 7 years ago

Oh, I see. I tried that now and it didn't help.

netblue30 commented 7 years ago

Currently apulse is not supported, we'll try to bring it in. Try something much simpler like speaker-test (firejail --noprofile apulse speaker-test).

h1z1 commented 7 years ago

Rather then LD_PRELOAD you could modify the rpath of firefox-bin or install apulse system wide. You sure you gave access to the right device? Anything in your asoundrc perhaps?

Two other shell variables you can tweak are ALSA_CARD and ALSA_PCM_CARD (there are others but those are the basics).

Hund commented 7 years ago

@netblue30: firejail --noprofile apulse speaker-test works.

@h1z1: I installed apulse via my package manager, so I assume it's available system wide?

I don't have a asoundrc file and I'm not sure what do to with ALSA_CARD or ALSA_PCM_CARD.

h1z1 commented 7 years ago

@Hund make sure something like speaker-test -c2 -Ddefault

.. Outputs to the right speakers. The two environment variables I gave override whatever default it's detecting.

Also what is the output of cat /proc/asound/cards ? Don't remember tbh if it's something I did or firejail but the config for alsa is not whitelisted, thus not read. At least there's only one place I see a whitelist and it's for ~/.asoundrc which is only part.

h1z1 commented 7 years ago

Not entirely sure why the above comment was edited by @Fred-Barclay or that it was even possible??

Fred-Barclay commented 7 years ago

@h1z1 Sorry about that. I just added code tags to the post to make this look like this.

Cheers! Fred

Hund commented 7 years ago

Hm, I went back to Gentoo (for other reasons) and it works just fine now. I'm sure I haven't changed anything? Thank you for your time. :)