[pulseaudio-discuss] Question about Pulseaudio hardware abstraction

Pali Rohár pali.rohar at gmail.com
Wed Apr 29 09:13:21 UTC 2020

On Wednesday 29 April 2020 01:57:14 Jim Kent wrote:
> Is it possible to sandbox applications from the
> sound hardware so that they only communicate and have a view of Pulseaudio,
> rather than the underlying hardware?

Yes, you need to disallow access to /dev/snd/... devices for your
application. E.g. by permissions, ACLs or MAC (selinux / apparmor) or by
chrooting (without providing these devices) or running in container
(again without those devices). Just choose your favourite sandboxing

> Could something like Jack accomplish this?

No, application can again ignore jack and access sound hardware, just
like it did with pulseaudio.

You can e.g. play with "amixer" application. If you run it as
"amixer -D pulse" it will connect to pulseaudio (via unix socket) and
show mixer control which pulseaudio told it. If you run it with
"amixer -c 0" it will directly access sound card 0 (via /dev/snd/...)
and show state of sound card 0.

Pali Rohár
pali.rohar at gmail.com

More information about the pulseaudio-discuss mailing list