-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sandbox blocks open in firefox 54 #54
Comments
Thank you for the workaround, I've had this issue as well. apulse 0.1.10 with Firefox 54.0 on Gentoo. |
I don't think using some kind of sandbox bypassing techniques is a right direction to go. It should be possible to, say, create symlinks to files in /dev/snd/ somewhere else, and use the custom version of
According to my understanding of ALSA operation, it won't work. Apulse opens separate ALSA device instances for every PA stream to offload resampling and mixing to standard ALSA plugins. I think it's possible to open one playback and one capture stream just at the loading time, and perform resampling and mixing inside apulse. But that is reinventing of PulseAudio, but in the single application mode. There will be two mixing/resampling points: one in apulse, and one in ALSA's dmix.
Since it's possible to add own exceptions in Firefox sandbox, I'll go this way. For now, a generic message is added in 3895240. |
By the way, this setting accepts not only list of files, but also directories. If you add there |
Would the best thing then be to document this and tell distributors to maybe put it in their default configs? |
Hope this will be enough: ee63fd3#diff-04c6e90faac2675aa89e2176d2eec7d8R152
Additional preferences shouldn't harm. But if distro maintainer cares enough about ALSA, it's easier to add [1] See file /security/sandbox/linux/broker/SandboxBrokerPolicyFactory.cpp, search for "/dev/snd". |
seems good enough. hackarounds sound ugly even to me, and reimplementing alsa-lib sounds not fun. would be easier to just patch firefox if it were really needed. |
open("/dev/snd/controlC0", O_RDWR)
is blocked by sandbox. workaround: setsecurity.sandbox.content.write_path_whitelist
to/dev/snd/controlC0,/dev/snd/pcmC0D0p
.possible things to do in apulse:
The text was updated successfully, but these errors were encountered: