github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #3891] How to allow firefox (or any sandbox) to access the pulseaudio process? #2441

New issue
Closed
opened 2026-05-05 09:07:36 -06:00 by gitea-mirror · 1 comment
gitea-mirror commented 2026-05-05 09:07:36 -06:00
Owner
Copy link

Originally created by @ibhagwan on GitHub (Jan 13, 2021).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3891

Perhaps more of a usage / understanding issue rather than a bug.

Running latest firejail version 0.9.64 on Void Linux and I get no sound using Firefox, I believe it's due to firefox unable to access PulseAudio (v14.0.3).

My pulse audio is started by running start-pulseaudio-x11 within my ~/.xprofile.

I looked into all past issues regarding PulseAudio and different apps and tried many different suggestions, the latest "no sound in Zoom" issue suggested that pulse isn't running inside the sandbox and here is where I got confused as it seems that running firejail sh -c "ps -ef" returns only the process of the shell - so how does firefox (or any other app for that matter) access pulse or any other process?

I tried many different troubleshooting steps I found in other issues:

  • --noprofile
  • --nopulseauto
  • --allusers
  • different --no-blacklist switches
  • firecfg --fix-sound
  • adding enable-memfd = yes to my ~/.config/pulse/client.conf (even though it's the pulse default anyway...)
  • un-comment the private-etc line containing pulse in /etc/firejail/firefox-common.profile

None of the above resulted in sound within firefox.

The below is my attempt to communicate with the pulse daemon using the pacmd from within a firejail:

~ ❯ ps -ef | grep pulse
bhagwan  26298     1  0 11:18 ?        00:00:00 /usr/bin/pulseaudio --start --log-target=syslog
bhagwan  26307 26298  0 11:18 ?        00:00:00 /usr/libexec/pulse/gsettings-helper
bhagwan  26727  1346  0 11:18 pts/1    00:00:00 grep --color=auto pulse
~ ❯ pacmd
Welcome to PulseAudio 14.0! Use "help" for usage information.
>>> ^C
~ ❯ firejail --noautopulse --noprofile pacmd
Parent pid 26805, child pid 26806
Child process initialized in 3.57 ms
No PulseAudio daemon running, or not running as session daemon.

Parent is shutting down, bye...
~ ❯ firejail pacmd
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 26912, child pid 26913
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 41.52 ms
No PulseAudio daemon running, or not running as session daemon.

Parent is shutting down, bye...
~ ❯ firejail --noautopulse --noprofile sh -c "ps -ef | grep pulseaudio"
Parent pid 26958, child pid 26959
Child process initialized in 3.55 ms
bhagwan      1     0  0 11:19 pts/1    00:00:00 firejail --noautopulse --noprofile sh -c ps -ef | grep pulseaudio
bhagwan      2     1  0 11:19 pts/1    00:00:00 sh -c ps -ef | grep pulseaudio
bhagwan      5     2  0 11:19 pts/1    00:00:00 grep pulseaudio

Parent is shutting down, bye...
~ ❯ ps -ef | grep pulse
bhagwan  26298     1  0 11:18 ?        00:00:00 /usr/bin/pulseaudio --start --log-target=syslog
bhagwan  26307 26298  0 11:18 ?        00:00:00 /usr/libexec/pulse/gsettings-helper
bhagwan  27031  1346  0 11:19 pts/1    00:00:00 grep --color=auto pulse
~ ❯ pacmd
Welcome to PulseAudio 14.0! Use "help" for usage information.
>>> ^C

Does anyone know what I got wrong or how to allow the sandbox access to an already existing pulse audio daemon?

Originally created by @ibhagwan on GitHub (Jan 13, 2021). Original GitHub issue: https://github.com/netblue30/firejail/issues/3891 Perhaps more of a usage / understanding issue rather than a bug. Running latest firejail version 0.9.64 on Void Linux and I get no sound using Firefox, I believe it's due to firefox unable to access PulseAudio (v14.0.3). My pulse audio is started by running `start-pulseaudio-x11` within my `~/.xprofile`. I looked into all past issues regarding PulseAudio and different apps and tried many different suggestions, the latest "no sound in Zoom" issue suggested that pulse isn't running inside the sandbox and here is where I got confused as it seems that running `firejail sh -c "ps -ef"` returns only the process of the shell - so how does firefox (or any other app for that matter) access pulse or any other process? I tried many different troubleshooting steps I found in other issues: - `--noprofile` - `--nopulseauto` - `--allusers` - different `--no-blacklist` switches - `firecfg --fix-sound` - adding `enable-memfd = yes` to my `~/.config/pulse/client.conf` (even though it's the pulse default anyway...) - un-comment the `private-etc` line containing `pulse` in `/etc/firejail/firefox-common.profile` None of the above resulted in sound within firefox. The below is my attempt to communicate with the pulse daemon using the `pacmd` from within a firejail: ``` ~ ❯ ps -ef | grep pulse bhagwan 26298 1 0 11:18 ? 00:00:00 /usr/bin/pulseaudio --start --log-target=syslog bhagwan 26307 26298 0 11:18 ? 00:00:00 /usr/libexec/pulse/gsettings-helper bhagwan 26727 1346 0 11:18 pts/1 00:00:00 grep --color=auto pulse ~ ❯ pacmd Welcome to PulseAudio 14.0! Use "help" for usage information. >>> ^C ~ ❯ firejail --noautopulse --noprofile pacmd Parent pid 26805, child pid 26806 Child process initialized in 3.57 ms No PulseAudio daemon running, or not running as session daemon. Parent is shutting down, bye... ~ ❯ firejail pacmd Reading profile /etc/firejail/default.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-passwdmgr.inc Reading profile /etc/firejail/disable-programs.inc ** Note: you can use --noprofile to disable default.profile ** Parent pid 26912, child pid 26913 Warning: /sbin directory link was not blacklisted Warning: /usr/sbin directory link was not blacklisted Child process initialized in 41.52 ms No PulseAudio daemon running, or not running as session daemon. Parent is shutting down, bye... ~ ❯ firejail --noautopulse --noprofile sh -c "ps -ef | grep pulseaudio" Parent pid 26958, child pid 26959 Child process initialized in 3.55 ms bhagwan 1 0 0 11:19 pts/1 00:00:00 firejail --noautopulse --noprofile sh -c ps -ef | grep pulseaudio bhagwan 2 1 0 11:19 pts/1 00:00:00 sh -c ps -ef | grep pulseaudio bhagwan 5 2 0 11:19 pts/1 00:00:00 grep pulseaudio Parent is shutting down, bye... ~ ❯ ps -ef | grep pulse bhagwan 26298 1 0 11:18 ? 00:00:00 /usr/bin/pulseaudio --start --log-target=syslog bhagwan 26307 26298 0 11:18 ? 00:00:00 /usr/libexec/pulse/gsettings-helper bhagwan 27031 1346 0 11:19 pts/1 00:00:00 grep --color=auto pulse ~ ❯ pacmd Welcome to PulseAudio 14.0! Use "help" for usage information. >>> ^C ``` Does anyone know what I got wrong or how to allow the sandbox access to an already existing pulse audio daemon?
gitea-mirror commented 2026-05-05 09:07:40 -06:00
Author
Owner
Copy link

@ibhagwan commented on GitHub (Jan 14, 2021):

Solved by running pulseaudio as a service with --system.

<!-- gh-comment-id:760449591 --> @ibhagwan commented on GitHub (Jan 14, 2021): Solved by running pulseaudio as a service with `--system`.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2441
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?