[GH-ISSUE #200] grsecurity + firejail + ALSA + firefox is not working #136

New issue

Closed

opened 2026-05-05 05:08:56 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented 2026-05-05 05:08:56 -06:00

Owner

Copy link

Originally created by @jvican on GitHub (Dec 22, 2015).
Original GitHub issue: https://github.com/netblue30/firejail/issues/200

Hi @netblue30,

Nice work here. Just want to report on you that firefox is not reproducing audio when executed in a firejail. In fact, when trying to test speaker-test inside a firejail, I get the following:

ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:768:(parse_card) cannot find card '0'
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:1251:(snd_func_refer) error evaluating name
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4739:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/pcm/pcm.c:2267:(snd_pcm_open_noupdate) Unknown PCM default
Playback open error: -2,No such file or directory

The problem looks like a permission problem. I have tried to disable seccomp and caps, but no luck. My kernel is patched with grsecurity, even though the logs are not saying anything in particular about this problem, so I don't know if it's related. I am running Gentoo 4.1.7-hardened-r1.

I guess it's not necessary to note that firefox is reproducing audio correctly when it's not firejailed.

Originally created by @jvican on GitHub (Dec 22, 2015). Original GitHub issue: https://github.com/netblue30/firejail/issues/200 Hi @netblue30, Nice work here. Just want to report on you that firefox is not reproducing audio when executed in a firejail. In fact, when trying to test `speaker-test` inside a firejail, I get the following: ``` ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:768:(parse_card) cannot find card '0' ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:1251:(snd_func_refer) error evaluating name ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4739:(snd_config_expand) Evaluate error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/pcm/pcm.c:2267:(snd_pcm_open_noupdate) Unknown PCM default Playback open error: -2,No such file or directory ``` The problem looks like a permission problem. I have tried to disable seccomp and caps, but no luck. My kernel is patched with grsecurity, even though the logs are not saying anything in particular about this problem, so I don't know if it's related. I am running Gentoo 4.1.7-hardened-r1. I guess it's not necessary to note that firefox is reproducing audio correctly when it's not firejailed.

gitea-mirror 2026-05-05 05:08:56 -06:00

• closed this issue
• added the
  bug
  label

gitea-mirror commented 2026-05-05 05:09:03 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Dec 23, 2015):

Let's try to find out what the file is. Grab the latest version from git or from https://github.com/netblue30/firejail/archive/master.zip

Start firejail with --trace argument:

$ firejail --trace
Reading profile /etc/firejail/generic.profile
Reading profile /etc/firejail/disable-mgmt.inc
Reading profile /etc/firejail/disable-secret.inc
Reading profile /etc/firejail/disable-common.inc

** Note: you can use --noprofile to disable generic.profile **

Parent pid 3365, child pid 3366
Child process initialized
2:bash:open /dev/tty:3
2:bash:open /dev/tty:3
2:bash:fopen /etc/passwd:0x1e73008
2:bash:open /etc/bash.bashrc:3
[...]

Then, start speaker-test:

$ speaker-test

speaker-test 1.0.25

Playback device is default
Stream parameters are 48000Hz, S16_LE, 1 channels
Using 16 octaves of pink noise
45:speaker-test:fopen /usr/share/alsa/alsa.conf:0x17984c0
45:speaker-test:access /usr/share/alsa/alsa.conf.d/:0
45:speaker-test:fopen /usr/share/alsa/alsa.conf.d//50-pulseaudio.conf:0x17a8540
45:speaker-test:access /etc/asound.conf:-1
[...]

<!-- gh-comment-id:166898698 --> @netblue30 commented on GitHub (Dec 23, 2015): Let's try to find out what the file is. Grab the latest version from git or from https://github.com/netblue30/firejail/archive/master.zip Start firejail with --trace argument: ``` $ firejail --trace Reading profile /etc/firejail/generic.profile Reading profile /etc/firejail/disable-mgmt.inc Reading profile /etc/firejail/disable-secret.inc Reading profile /etc/firejail/disable-common.inc ** Note: you can use --noprofile to disable generic.profile ** Parent pid 3365, child pid 3366 Child process initialized 2:bash:open /dev/tty:3 2:bash:open /dev/tty:3 2:bash:fopen /etc/passwd:0x1e73008 2:bash:open /etc/bash.bashrc:3 [...] ``` Then, start speaker-test: ``` $ speaker-test speaker-test 1.0.25 Playback device is default Stream parameters are 48000Hz, S16_LE, 1 channels Using 16 octaves of pink noise 45:speaker-test:fopen /usr/share/alsa/alsa.conf:0x17984c0 45:speaker-test:access /usr/share/alsa/alsa.conf.d/:0 45:speaker-test:fopen /usr/share/alsa/alsa.conf.d//50-pulseaudio.conf:0x17a8540 45:speaker-test:access /etc/asound.conf:-1 [...] ```

gitea-mirror commented 2026-05-05 05:09:05 -06:00

Author

Owner

Copy link

@jvican commented on GitHub (Dec 27, 2015):

@netblue30 : thanks for the support, here you have the log file (with --noprofile I get the same result)

Reading profile /etc/firejail/server.profile
Reading profile /etc/firejail/disable-mgmt.inc

speaker-test 1.0.29

Playback device is default
Stream parameters are 48000Hz, S16_LE, 1 channels
Using 16 octaves of pink noise
2:speaker-test:fopen /usr/share/alsa/alsa.conf:0xb7458033f30
2:speaker-test:access /usr/share/alsa/alsa.conf.d/:0
2:speaker-test:fopen /usr/share/alsa/alsa.conf.d//50-pulseaudio.conf:0xb74580441d0
2:speaker-test:fopen /usr/share/alsa/alsa.conf.d//51-pulseaudio-probe.conf:0xb74580441d0
2:speaker-test:access /etc/asound.conf:-1
2:speaker-test:access /root/.asoundrc:-1
2:speaker-test:fopen /root/.pulse/client.conf:(nil)
2:speaker-test:fopen /root/.config/pulse/client.conf:(nil)
2:speaker-test:fopen /etc/pulse/client.conf:(nil)
2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5
2:speaker-test:connect @/tmp/.X11-unix/X0:0
2:speaker-test:access /root/.xauth1oGiJW:-1
No protocol specified
xcb_connection_has_error() returned true
2:speaker-test:opendir /dev/shm/:0xb7458054390
2:speaker-test:open /dev/urandom:5
2:speaker-test:open /dev/shm/pulse-shm-3602524250:5
2:speaker-test:access /root/.pulse:-1
2:speaker-test:mkdir /root/.config/pulse:-1
2:speaker-test:mkdir /root/.config:0
2:speaker-test:open /root/.config:5
2:speaker-test:mkdir /root/.config/pulse:0
2:speaker-test:open /root/.config/pulse:5
2:speaker-test:fopen /etc/machine-id:0xb74580537b0
2:speaker-test:mkdir /tmp/pulse-PKdhtXMmr18n:-1
2:speaker-test:mkdir /tmp/pulse-2L9K88eMlGn7:-1
2:speaker-test:mkdir /tmp/pulse-CcctT9RwKSB1:-1
2:speaker-test:mkdir /tmp/pulse-FebW397VI5uG:-1
2:speaker-test:mkdir /tmp/pulse-1yhc3uavuaOb:-1
2:speaker-test:mkdir /tmp/pulse-9vyJcXyHZzsR:-1
2:speaker-test:mkdir /tmp/pulse-wpC5iUzahEca:-1
2:speaker-test:mkdir /tmp/pulse-Yatja7kaqGHs:0
2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5
2:speaker-test:connect /tmp/pulse-Yatja7kaqGHs/native:-1
2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5
2:speaker-test:connect /var/run/pulse/native:-1
2:speaker-test:unlink /dev/shm/pulse-shm-3602524250:0
2:speaker-test:fopen /usr/share/alsa/cards/aliases.conf:0xb7458053f70
2:speaker-test:fopen /usr/share/alsa/pcm/default.conf:0xb745804f800
2:speaker-test:fopen /usr/share/alsa/pcm/dmix.conf:0xb745804f800
2:speaker-test:fopen /usr/share/alsa/pcm/dsnoop.conf:0xb745804f800
2:speaker-test:open /dev/snd/controlC0:-1
2:speaker-test:open /dev/aloadC0:-1
2:speaker-test:open /dev/snd/controlC1:-1
2:speaker-test:open /dev/aloadC1:-1
2:speaker-test:open /dev/snd/controlC2:-1
2:speaker-test:open /dev/aloadC2:-1
2:speaker-test:open /dev/snd/controlC3:-1
2:speaker-test:open /dev/aloadC3:-1
2:speaker-test:open /dev/snd/controlC4:-1
2:speaker-test:open /dev/aloadC4:-1
2:speaker-test:open /dev/snd/controlC5:-1
2:speaker-test:open /dev/aloadC5:-1
2:speaker-test:open /dev/snd/controlC6:-1
2:speaker-test:open /dev/aloadC6:-1
2:speaker-test:open /dev/snd/controlC7:-1
2:speaker-test:open /dev/aloadC7:-1
2:speaker-test:open /dev/snd/controlC8:-1
2:speaker-test:open /dev/aloadC8:-1
2:speaker-test:open /dev/snd/controlC9:-1
2:speaker-test:open /dev/aloadC9:-1
2:speaker-test:open /dev/snd/controlC10:-1
2:speaker-test:open /dev/aloadC10:-1
2:speaker-test:open /dev/snd/controlC11:-1
2:speaker-test:open /dev/aloadC11:-1
2:speaker-test:open /dev/snd/controlC12:-1
2:speaker-test:open /dev/aloadC12:-1
2:speaker-test:open /dev/snd/controlC13:-1
2:speaker-test:open /dev/aloadC13:-1
2:speaker-test:open /dev/snd/controlC14:-1
2:speaker-test:open /dev/aloadC14:-1
2:speaker-test:open /dev/snd/controlC15:-1
2:speaker-test:open /dev/aloadC15:-1
2:speaker-test:open /dev/snd/controlC16:-1
2:speaker-test:open /dev/aloadC16:-1
2:speaker-test:open /dev/snd/controlC17:-1
2:speaker-test:open /dev/aloadC17:-1
2:speaker-test:open /dev/snd/controlC18:-1
2:speaker-test:open /dev/aloadC18:-1
2:speaker-test:open /dev/snd/controlC19:-1
2:speaker-test:open /dev/aloadC19:-1
2:speaker-test:open /dev/snd/controlC20:-1
2:speaker-test:open /dev/aloadC20:-1
2:speaker-test:open /dev/snd/controlC21:-1
2:speaker-test:open /dev/aloadC21:-1
2:speaker-test:open /dev/snd/controlC22:-1
2:speaker-test:open /dev/aloadC22:-1
2:speaker-test:open /dev/snd/controlC23:-1
2:speaker-test:open /dev/aloadC23:-1
2:speaker-test:open /dev/snd/controlC24:-1
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:768:(parse_card) cannot find card '0'
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:1251:(snd_func_refer) error evaluating name
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4739:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/pcm/pcm.c:2267:(snd_pcm_open_noupdate) Unknown PCM default
2:speaker-test:open /dev/aloadC24:-1
2:speaker-test:open /dev/snd/controlC25:-1
2:speaker-test:open /dev/aloadC25:-1
2:speaker-test:open /dev/snd/controlC26:-1
2:speaker-test:open /dev/aloadC26:-1
2:speaker-test:open /dev/snd/controlC27:-1
2:speaker-test:open /dev/aloadC27:-1
2:speaker-test:open /dev/snd/controlC28:-1
2:speaker-test:open /dev/aloadC28:-1
2:speaker-test:open /dev/snd/controlC29:-1
2:speaker-test:open /dev/aloadC29:-1
2:speaker-test:open /dev/snd/controlC30:-1
2:speaker-test:open /dev/aloadC30:-1
2:speaker-test:open /dev/snd/controlC31:-1
2:speaker-test:open /dev/aloadC31:-1
2:speaker-test:open /dev/snd/controlC0:-1
2:speaker-test:open /dev/aloadC0:-1
Playback open error: -2,No such file or directory

** Note: you can use --noprofile to disable server.profile **

Parent pid 31849, child pid 31852
The new log directory is /proc/31852/root/var/log

parent is shutting down, bye...

Perhaps the problem is due to something related to Xorg...
UPDATE: The log has been updated.

<!-- gh-comment-id:167441581 --> @jvican commented on GitHub (Dec 27, 2015): @netblue30 : thanks for the support, here you have the log file (with --noprofile I get the same result) ``` Reading profile /etc/firejail/server.profile Reading profile /etc/firejail/disable-mgmt.inc speaker-test 1.0.29 Playback device is default Stream parameters are 48000Hz, S16_LE, 1 channels Using 16 octaves of pink noise 2:speaker-test:fopen /usr/share/alsa/alsa.conf:0xb7458033f30 2:speaker-test:access /usr/share/alsa/alsa.conf.d/:0 2:speaker-test:fopen /usr/share/alsa/alsa.conf.d//50-pulseaudio.conf:0xb74580441d0 2:speaker-test:fopen /usr/share/alsa/alsa.conf.d//51-pulseaudio-probe.conf:0xb74580441d0 2:speaker-test:access /etc/asound.conf:-1 2:speaker-test:access /root/.asoundrc:-1 2:speaker-test:fopen /root/.pulse/client.conf:(nil) 2:speaker-test:fopen /root/.config/pulse/client.conf:(nil) 2:speaker-test:fopen /etc/pulse/client.conf:(nil) 2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5 2:speaker-test:connect @/tmp/.X11-unix/X0:0 2:speaker-test:access /root/.xauth1oGiJW:-1 No protocol specified xcb_connection_has_error() returned true 2:speaker-test:opendir /dev/shm/:0xb7458054390 2:speaker-test:open /dev/urandom:5 2:speaker-test:open /dev/shm/pulse-shm-3602524250:5 2:speaker-test:access /root/.pulse:-1 2:speaker-test:mkdir /root/.config/pulse:-1 2:speaker-test:mkdir /root/.config:0 2:speaker-test:open /root/.config:5 2:speaker-test:mkdir /root/.config/pulse:0 2:speaker-test:open /root/.config/pulse:5 2:speaker-test:fopen /etc/machine-id:0xb74580537b0 2:speaker-test:mkdir /tmp/pulse-PKdhtXMmr18n:-1 2:speaker-test:mkdir /tmp/pulse-2L9K88eMlGn7:-1 2:speaker-test:mkdir /tmp/pulse-CcctT9RwKSB1:-1 2:speaker-test:mkdir /tmp/pulse-FebW397VI5uG:-1 2:speaker-test:mkdir /tmp/pulse-1yhc3uavuaOb:-1 2:speaker-test:mkdir /tmp/pulse-9vyJcXyHZzsR:-1 2:speaker-test:mkdir /tmp/pulse-wpC5iUzahEca:-1 2:speaker-test:mkdir /tmp/pulse-Yatja7kaqGHs:0 2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5 2:speaker-test:connect /tmp/pulse-Yatja7kaqGHs/native:-1 2:speaker-test:socket AF_LOCAL SOCK_STREAM IPPROTO_IP:5 2:speaker-test:connect /var/run/pulse/native:-1 2:speaker-test:unlink /dev/shm/pulse-shm-3602524250:0 2:speaker-test:fopen /usr/share/alsa/cards/aliases.conf:0xb7458053f70 2:speaker-test:fopen /usr/share/alsa/pcm/default.conf:0xb745804f800 2:speaker-test:fopen /usr/share/alsa/pcm/dmix.conf:0xb745804f800 2:speaker-test:fopen /usr/share/alsa/pcm/dsnoop.conf:0xb745804f800 2:speaker-test:open /dev/snd/controlC0:-1 2:speaker-test:open /dev/aloadC0:-1 2:speaker-test:open /dev/snd/controlC1:-1 2:speaker-test:open /dev/aloadC1:-1 2:speaker-test:open /dev/snd/controlC2:-1 2:speaker-test:open /dev/aloadC2:-1 2:speaker-test:open /dev/snd/controlC3:-1 2:speaker-test:open /dev/aloadC3:-1 2:speaker-test:open /dev/snd/controlC4:-1 2:speaker-test:open /dev/aloadC4:-1 2:speaker-test:open /dev/snd/controlC5:-1 2:speaker-test:open /dev/aloadC5:-1 2:speaker-test:open /dev/snd/controlC6:-1 2:speaker-test:open /dev/aloadC6:-1 2:speaker-test:open /dev/snd/controlC7:-1 2:speaker-test:open /dev/aloadC7:-1 2:speaker-test:open /dev/snd/controlC8:-1 2:speaker-test:open /dev/aloadC8:-1 2:speaker-test:open /dev/snd/controlC9:-1 2:speaker-test:open /dev/aloadC9:-1 2:speaker-test:open /dev/snd/controlC10:-1 2:speaker-test:open /dev/aloadC10:-1 2:speaker-test:open /dev/snd/controlC11:-1 2:speaker-test:open /dev/aloadC11:-1 2:speaker-test:open /dev/snd/controlC12:-1 2:speaker-test:open /dev/aloadC12:-1 2:speaker-test:open /dev/snd/controlC13:-1 2:speaker-test:open /dev/aloadC13:-1 2:speaker-test:open /dev/snd/controlC14:-1 2:speaker-test:open /dev/aloadC14:-1 2:speaker-test:open /dev/snd/controlC15:-1 2:speaker-test:open /dev/aloadC15:-1 2:speaker-test:open /dev/snd/controlC16:-1 2:speaker-test:open /dev/aloadC16:-1 2:speaker-test:open /dev/snd/controlC17:-1 2:speaker-test:open /dev/aloadC17:-1 2:speaker-test:open /dev/snd/controlC18:-1 2:speaker-test:open /dev/aloadC18:-1 2:speaker-test:open /dev/snd/controlC19:-1 2:speaker-test:open /dev/aloadC19:-1 2:speaker-test:open /dev/snd/controlC20:-1 2:speaker-test:open /dev/aloadC20:-1 2:speaker-test:open /dev/snd/controlC21:-1 2:speaker-test:open /dev/aloadC21:-1 2:speaker-test:open /dev/snd/controlC22:-1 2:speaker-test:open /dev/aloadC22:-1 2:speaker-test:open /dev/snd/controlC23:-1 2:speaker-test:open /dev/aloadC23:-1 2:speaker-test:open /dev/snd/controlC24:-1 ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:768:(parse_card) cannot find card '0' ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/confmisc.c:1251:(snd_func_refer) error evaluating name ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4260:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/conf.c:4739:(snd_config_expand) Evaluate error: No such file or directory ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.0.29/work/alsa-lib-1.0.29/src/pcm/pcm.c:2267:(snd_pcm_open_noupdate) Unknown PCM default 2:speaker-test:open /dev/aloadC24:-1 2:speaker-test:open /dev/snd/controlC25:-1 2:speaker-test:open /dev/aloadC25:-1 2:speaker-test:open /dev/snd/controlC26:-1 2:speaker-test:open /dev/aloadC26:-1 2:speaker-test:open /dev/snd/controlC27:-1 2:speaker-test:open /dev/aloadC27:-1 2:speaker-test:open /dev/snd/controlC28:-1 2:speaker-test:open /dev/aloadC28:-1 2:speaker-test:open /dev/snd/controlC29:-1 2:speaker-test:open /dev/aloadC29:-1 2:speaker-test:open /dev/snd/controlC30:-1 2:speaker-test:open /dev/aloadC30:-1 2:speaker-test:open /dev/snd/controlC31:-1 2:speaker-test:open /dev/aloadC31:-1 2:speaker-test:open /dev/snd/controlC0:-1 2:speaker-test:open /dev/aloadC0:-1 Playback open error: -2,No such file or directory ** Note: you can use --noprofile to disable server.profile ** Parent pid 31849, child pid 31852 The new log directory is /proc/31852/root/var/log parent is shutting down, bye... ``` Perhaps the problem is due to something related to Xorg... **UPDATE**: The log has been updated.

gitea-mirror commented 2026-05-05 05:09:07 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Dec 29, 2015):

You also have PulseAudio installed. It is probably a 7.x version. Somehow, when you have both ALSA and PulseAudio, PulseAudio takes precedence.

PulseAudio 7.x has a bug where it deletes some files from shared memory, without taking in account the PID namespace. I have a workaround on this page, in "Known Bugs" section: https://firejail.wordpress.com/support/ .

<!-- gh-comment-id:167682455 --> @netblue30 commented on GitHub (Dec 29, 2015): You also have PulseAudio installed. It is probably a 7.x version. Somehow, when you have both ALSA and PulseAudio, PulseAudio takes precedence. PulseAudio 7.x has a bug where it deletes some files from shared memory, without taking in account the PID namespace. I have a workaround on this page, in "Known Bugs" section: https://firejail.wordpress.com/support/ .

gitea-mirror commented 2026-05-05 05:09:09 -06:00

Author

Owner

Copy link

@jvican commented on GitHub (Dec 29, 2015):

I have solved the issue. I uninstalled completely pulseaudio and the problem remained. So, this wasn't the main problem.

I figured out that it could be a problem with chroot + grsecurity. Grsecurity does have a lot of permission constraints with namespaces when chrooting. For instance, when running firejail from a non-root user the groups were disabled and most of the folders under /proc and /dev were hidden (and this behaviour was not expected to happen if not using --nogroups). In fact, /dev/snd was not accessible.

The solution is to append grsec_proc_gid=18 to the kernel boot sequence (grub/syslinux) where 18 is the gid of the audio group. This command allows the users in that group to access those pseudo-systems and the audio card devices.

More information about grsec here.

<!-- gh-comment-id:167786518 --> @jvican commented on GitHub (Dec 29, 2015): I have solved the issue. I uninstalled completely pulseaudio and the problem remained. So, this wasn't the main problem. I figured out that it could be a problem with chroot + grsecurity. Grsecurity does have a lot of permission constraints with namespaces when chrooting. For instance, when running firejail from a non-root user the groups were disabled and most of the folders under /proc and /dev were hidden (and this behaviour was not expected to happen if not using --nogroups). In fact, `/dev/snd` was not accessible. The solution is to append `grsec_proc_gid=18` to the kernel boot sequence (grub/syslinux) where 18 is the gid of the `audio` group. This command allows the users in that group to access those pseudo-systems and the audio card devices. More information about grsec [here](https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Default_Special_Groups).

gitea-mirror commented 2026-05-05 05:09:11 -06:00

Author

Owner

Copy link

@netblue30 commented on GitHub (Dec 29, 2015):

Thanks!

<!-- gh-comment-id:167843683 --> @netblue30 commented on GitHub (Dec 29, 2015): Thanks!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#136

No description provided.