[GH-ISSUE #220] [bug] sound conflict with firefox, with firejail and apparmor

gitea-mirror commented

2026-05-05 05:11:01 -06:00

Owner

Originally created by @ghost on GitHub (Jan 12, 2016).
Original GitHub issue: https://github.com/netblue30/firejail/issues/220

When you use Firefox with firejail and apparmor, then either firefox monopolizes the sound output, or it has no sound if something else uses the sound output. This happens even with --noprofile, so probably it's firejails fault it self. This is with the default apparmor profile for firefox.

(Weellll, you can never be too paranoid with your web browser :P)

Linux Mint 17.3 KDE 4.14.2 firejail 0.9.36

Originally created by @ghost on GitHub (Jan 12, 2016). Original GitHub issue: https://github.com/netblue30/firejail/issues/220 When you use Firefox with firejail and apparmor, then either firefox monopolizes the sound output, or it has no sound if something else uses the sound output. This happens even with --noprofile, so probably it's firejails fault it self. This is with the default apparmor profile for firefox. (Weellll, you can never be too paranoid with your web browser :P) Linux Mint 17.3 KDE 4.14.2 firejail 0.9.36

gitea-mirror

2026-05-05 05:11:01 -06:00

closed this issue
added the
bug
label

gitea-mirror commented

2026-05-05 05:11:09 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 12, 2016):

There is a bug PulseAudio 7.0. It will get fixed in version 8.0. For now the workaround is to run pulse without shm support.

https://firejail.wordpress.com/support/ (look at Known Problems section).

@netblue30 commented on GitHub (Jan 12, 2016): There is a bug PulseAudio 7.0. It will get fixed in version 8.0. For now the workaround is to run pulse without shm support. https://firejail.wordpress.com/support/ (look at Known Problems section).

gitea-mirror commented

2026-05-05 05:11:12 -06:00

Author

Owner

@ghost commented on GitHub (Jan 12, 2016):

tried the work around, same behaviour as before :/ (unless i need a reboot...).
That bug description doesn't sound the same either.

@ghost commented on GitHub (Jan 12, 2016): tried the work around, same behaviour as before :/ (unless i need a reboot...). That bug description doesn't sound the same either.

gitea-mirror commented

2026-05-05 05:11:15 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 14, 2016):

Yes, you would need a reboot or a logout/login when you modify pulse configuration. I'll update the description in the web page to reflect that, thanks!

@netblue30 commented on GitHub (Jan 14, 2016): Yes, you would need a reboot or a logout/login when you modify pulse configuration. I'll update the description in the web page to reflect that, thanks!

gitea-mirror commented

2026-05-05 05:11:20 -06:00

Author

Owner

@ghost commented on GitHub (Jan 14, 2016):

behhh, it still doesn't fix it. I rebooted plenty of times since then XD

@ghost commented on GitHub (Jan 14, 2016): behhh, it still doesn't fix it. I rebooted plenty of times since then XD

gitea-mirror commented

2026-05-05 05:11:23 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 14, 2016):

Do you get any errors from AppArmor? I know some Ubuntu users complaining and disabling it.

@netblue30 commented on GitHub (Jan 14, 2016): Do you get any errors from AppArmor? I know some Ubuntu users complaining and disabling it.

gitea-mirror commented

2026-05-05 05:11:26 -06:00

Author

Owner

@ghost commented on GitHub (Jan 14, 2016):

from dmesg | tail
there is this that seam relevant
(apparmor by it self seams to work fine here)

[ 6388.922497] audit: type=1400 audit(1452806170.895:1193): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,[^s][^h]}" name="/etc/ld.so.preload" pid=7089 comm="pulseaudio" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[ 6388.926568] audit: type=1400 audit(1452806170.899:1194): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,[^s][^h]}" name="/run/firejail/mnt/pulse/client.conf" pid=7089 comm="pulseaudio" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
[ 6388.926790] audit: type=1400 audit(1452806170.899:1195): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="dev/log" pid=7089 comm="pulseaudio" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0

[ 6388.927534] audit: type=1400 audit(1452806170.899:1197): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/user/1000/pulse/autospawn.lock" pid=7090 comm="autospawn" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

@ghost commented on GitHub (Jan 14, 2016): from dmesg | tail there is this that seam relevant (apparmor by it self seams to work fine here) [ 6388.922497] audit: type=1400 audit(1452806170.895:1193): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,_[^s][^h]}" name="/etc/ld.so.preload" pid=7089 comm="pulseaudio" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 [ 6388.926568] audit: type=1400 audit(1452806170.899:1194): apparmor="DENIED" operation="open" profile="/usr/lib/firefox/firefox{,_[^s][^h]}" name="/run/firejail/mnt/pulse/client.conf" pid=7089 comm="pulseaudio" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 [ 6388.926790] audit: type=1400 audit(1452806170.899:1195): apparmor="DENIED" operation="sendmsg" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="dev/log" pid=7089 comm="pulseaudio" requested_mask="w" denied_mask="w" fsuid=1000 ouid=0 [ 6388.927534] audit: type=1400 audit(1452806170.899:1197): apparmor="DENIED" operation="mknod" profile="/usr/lib/firefox/firefox{,*[^s][^h]}" name="/run/user/1000/pulse/autospawn.lock" pid=7090 comm="autospawn" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000

gitea-mirror commented

2026-05-05 05:11:27 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 15, 2016):

(apparmor by it self seams to work fine here)

From your messages, it looks like apparmor killed pulseaudio. You would need to disable apparmor until I get a chance to look at it. I've heard from other users about problems with apparmor.

@netblue30 commented on GitHub (Jan 15, 2016): > (apparmor by it self seams to work fine here) From your messages, it looks like apparmor killed pulseaudio. You would need to disable apparmor until I get a chance to look at it. I've heard from other users about problems with apparmor.

gitea-mirror commented

2026-05-05 05:11:29 -06:00

Author

Owner

@ghost commented on GitHub (Jan 16, 2016):

actually the bug is not too annoying, i'll just leave both running.

inside firejail, i also see a bunch of zombie pulseaudio processes (after several tries).
It seams pulseaudio try to start inside firefox/firejail/apparmor
The "normall" pulseaudio process seams fine.

When i play amarok/firejail(no apparmor), and then try to play sound in the firefox/firejail/apparmor, two pulseaudio zombies appear (in the jail of amarok).

i have a script, that is launched by firefox that lauches vlc. It uses this addon
https://addons.mozilla.org/en-US/firefox/addon/firefox2bash/?src=ss
That vlc plays sound fine and doesn't conflicts with other apps and appears in the volume controler/mixer of KDE, despite been inside the jail, it is the final child of several child processes from firefox(sloppy me :P).
I also have this addon https://addons.mozilla.org/en-US/firefox/addon/vlc-youtube-shortcut/?src=search
This, will launch vlc directly as a child of firefox, and have the same sound issues as firefox it self.

maybe you should unclose this issue, it seams different.

(it's not one of my custom configs interfearing, i tested vanilla Firefox with firejail and apparmor in a vanilla KDE session (not the custom scripts))

@ghost commented on GitHub (Jan 16, 2016): actually the bug is not too annoying, i'll just leave both running. inside firejail, i also see a bunch of zombie pulseaudio processes (after several tries). It seams pulseaudio try to start inside firefox/firejail/apparmor The "normall" pulseaudio process seams fine. When i play amarok/firejail(no apparmor), and then try to play sound in the firefox/firejail/apparmor, two pulseaudio zombies appear (in the jail of amarok). i have a script, that is launched by firefox that lauches vlc. It uses this addon https://addons.mozilla.org/en-US/firefox/addon/firefox2bash/?src=ss That vlc plays sound fine and doesn't conflicts with other apps and appears in the volume controler/mixer of KDE, despite been inside the jail, it is the final child of several child processes from firefox(sloppy me :P). I also have this addon https://addons.mozilla.org/en-US/firefox/addon/vlc-youtube-shortcut/?src=search This, will launch vlc directly as a child of firefox, and have the same sound issues as firefox it self. maybe you should unclose this issue, it seams different. (it's not one of my custom configs interfearing, i tested vanilla Firefox with firejail and apparmor in a vanilla KDE session (not the custom scripts))

gitea-mirror commented

2026-05-05 05:11:31 -06:00

Author

Owner

@netblue30 commented on GitHub (Jan 16, 2016):

I've unclosed the issue, in case somebody has an idea. From my point of view there are two known problems:

PulseAudio is missing support for programs running in a PID namespace. This is a big deal for us, since we install a PID namespace. PulseAudio development team recognized it as a bug and promised to fix it.
several Ubuntu users reported AppArmor problems, the work around is to disable it. Real fixes would need to be send to AppArmor project. I'll take a look after Ubuntu 16.04 is out, however I'll need a real fix in PulseAudio before I talk to AppArmor people.

@netblue30 commented on GitHub (Jan 16, 2016): I've unclosed the issue, in case somebody has an idea. From my point of view there are two known problems: - PulseAudio is missing support for programs running in a PID namespace. This is a big deal for us, since we install a PID namespace. PulseAudio development team recognized it as a bug and promised to fix it. - several Ubuntu users reported AppArmor problems, the work around is to disable it. Real fixes would need to be send to AppArmor project. I'll take a look after Ubuntu 16.04 is out, however I'll need a real fix in PulseAudio before I talk to AppArmor people.

gitea-mirror commented

2026-05-05 05:11:33 -06:00

Author

Owner

@netblue30 commented on GitHub (Feb 6, 2016):

Give the new version a try. There were lots of fixes going in. If necessary, I'll reopen the bug. Thanks!

@netblue30 commented on GitHub (Feb 6, 2016): Give the new version a try. There were lots of fixes going in. If necessary, I'll reopen the bug. Thanks!

gitea-mirror commented

2026-05-05 05:11:35 -06:00

Author

Owner

@ghost commented on GitHub (Feb 6, 2016):

the same as before in 0.9.38

@ghost commented on GitHub (Feb 6, 2016): the same as before in 0.9.38

gitea-mirror commented

2026-05-05 05:11:37 -06:00

Author

Owner

@ghost commented on GitHub (May 9, 2016):

Same in Ubuntu 16.04
the updates didn't solve it.... :/

@ghost commented on GitHub (May 9, 2016): Same in Ubuntu 16.04 the updates didn't solve it.... :/

gitea-mirror commented

2026-05-05 05:11:38 -06:00

Author

Owner

@netblue30 commented on GitHub (Jun 1, 2016):

Should be fixed in 0.9.40

@netblue30 commented on GitHub (Jun 1, 2016): Should be fixed in 0.9.40

Rows
Columns

[GH-ISSUE #220] [bug] sound conflict with firefox, with firejail and apparmor #153