<div dir="ltr"><span style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)">I am more and more thinking that this is caused by the extra security / sandboxing provided by systemd for user services (run as </span><span style="color:rgb(0,0,0);font-size:13px;background-color:rgb(236,243,247);font-family:monospace;font-weight:bold">--user</span><span style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)"> ).</span><br style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)"><br style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)"><span style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)">So I think that pulseaudio version I am using is not taking the elevated security provided by systemd into account.</span><br style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)"><strong class="gmail-text-strong" style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)">This is a big problem as it currently means that pulseaudio is broken (useless).</strong><br><div><strong class="gmail-text-strong" style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)"><br></strong></div><div><span class="gmail-text-strong" style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)">For more details see following forum post and also previous posts:</span></div><div><span class="gmail-text-strong" style="color:rgb(0,0,0);font-family:"Lucida Grande","Trebuchet MS",Verdana,Helvetica,Arial,sans-serif;font-size:13px;background-color:rgb(236,243,247)">* <a href="https://forums.centos.org/viewtopic.php?f=54&t=76657&p=322366#p322366">https://forums.centos.org/viewtopic.php?f=54&t=76657&p=322366#p322366</a></span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Op di 15 dec. 2020 om 08:28 schreef Jan Van den Audenaerde <<a href="mailto:jan.vandenaudenaerde@gmail.com">jan.vandenaudenaerde@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Thanks for the response.<div>I have checked all those things:</div><div><ol><li> my user is added to audio group</li><li>group ownershiup of folder in sound devices is indeed audio</li><li>no other pulseaudio daemon is running</li><li>no other process is accessing /dev/snd/*</li></ol></div><div>Also not that it is working from the command line, but it isn't working when launched as systemd user service.<br><br></div><div>Can you share the pulseaudio / systemctl version you are using ?</div><div><br></div><div>my complete configuration is documented : <a href="https://forums.centos.org/viewtopic.php?f=54&t=76657&p=322365#p322365" target="_blank">https://forums.centos.org/viewtopic.php?f=54&t=76657&p=322365#p322365</a></div><div><br></div><div>many thanks</div><div>Jan</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Op ma 14 dec. 2020 om 20:43 schreef GMAIL <<a href="mailto:temptempor@gmail.com" target="_blank">temptempor@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>One important is that you should be in the group that has
ReadWrite access to the audio devices.</p>
<p>On Arch, this would be the "audio" group, which my user is part
of.</p>
<p>Check the group ownership of the sound devices and make sure the
user that wants to execute the PA server is part of those.</p>
<p>Another thing there can only be one daemon owning the audio
devices: if you try to start a PA server while another is already
exclusively accessing them, your new PA daemon will fail to grab
them.</p>
<p>So there may indeed be further Systemd ever elusive restrictions
in place but make sure: Your user is in the right group, no other
PA server is running before executing the userspace service.<br>
</p>
<div>On 14/12/2020 15:57, Jan Van den
Audenaerde wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Thanks for sharing.
<div><br>
</div>
<div>I tried this but when starting pulseaudio daemon as a
systemd user service it doesn't recognize the audio card.</div>
<div>I have reported the details of this issue under following
forum topic:</div>
<div>
<ul>
<li><a href="https://forums.centos.org/viewtopic.php?f=54&t=76657" target="_blank">https://forums.centos.org/viewtopic.php?f=54&t=76657</a></li>
</ul>
</div>
<div>Note that it recognizes my audio card when launched from
the command line for the same user , </div>
<div>so "systemctl --user" somehow restricts access to the
device.</div>
<div><br>
</div>
<div>kr</div>
<div>Jan</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Op zo 13 dec. 2020 om 19:27
schreef GMAIL <<a href="mailto:temptempor@gmail.com" target="_blank">temptempor@gmail.com</a>>:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>I have this working:</p>
<p><font color="#0004ff"><u>Socket</u></font><br>
</p>
<table width="100%" cellspacing="2" cellpadding="2" border="0">
<tbody>
<tr>
<td valign="top" bgcolor="#000000"><b><font color="#ffffff">#
/usr/lib/systemd/user/pulseaudio.socket<br>
[Unit]<br>
Description=Sound System<br>
ConditionUser=!root<br>
<br>
[Socket]<br>
Priority=6<br>
Backlog=5<br>
ListenStream=%t/pulse/native<br>
<br>
[Install]<br>
WantedBy=sockets.target</font></b><br>
<br>
</td>
</tr>
</tbody>
</table>
<p><font color="#0004ff"><u>Service</u></font></p>
<table width="100%" cellspacing="2" cellpadding="2" border="0">
<tbody>
<tr>
<td valign="top" bgcolor="#000000"><b><font color="#ffffff">#
/usr/lib/systemd/user/pulseaudio.service<br>
[Unit]<br>
Description=Sound Service<br>
<br>
# We require pulseaudio.socket to be active
before starting the daemon, because<br>
# while it is possible to use the service
without the socket, it is not clear<br>
# why it would be desirable.<br>
#<br>
# A user installing pulseaudio and doing
`systemctl --user start pulseaudio`<br>
# will not get the socket started, which might
be confusing and problematic if<br>
# the server is to be restarted later on, as the
client autospawn feature<br>
# might kick in. Also, a start of the socket
unit will fail, adding to the<br>
# confusion.<br>
#<br>
# After=pulseaudio.socket is not needed, as it
is already implicit in the<br>
# socket-service relationship, see
systemd.socket(5).<br>
Requires=pulseaudio.socket<br>
ConditionUser=!root<br>
<br>
[Service]<br>
ExecStart=/usr/bin/pulseaudio --daemonize=no
--log-target=journal<br>
LockPersonality=yes<br>
MemoryDenyWriteExecute=yes<br>
NoNewPrivileges=yes<br>
Restart=on-failure<br>
RestrictNamespaces=yes<br>
SystemCallArchitectures=native<br>
SystemCallFilter=@system-service<br>
# Note that notify will only work if
--daemonize=no<br>
Type=notify<br>
UMask=0077<br>
<br>
[Install]<br>
Also=pulseaudio.socket<br>
WantedBy=default.target<br>
</font></b><br>
</td>
</tr>
</tbody>
</table>
<p>Cheers<br>
</p>
<div>On 13/12/2020 17:52, Jan Van den Audenaerde wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
<div>Thanks for the response.</div>
<div><br>
</div>
<div>But how do I get the pulseaudio daemon running in
userspace that is listening to unix
socket /run/user/1000/pulse/native ?</div>
<div>I don't want to start this daemon manually but as a
systemd service.</div>
<div><br>
</div>
<div>kr<br>
jan</div>
<div><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Op zo 13 dec. 2020
om 14:40 schreef GMAIL <<a href="mailto:temptempor@gmail.com" target="_blank">temptempor@gmail.com</a>>:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hi, <br>
</p>
<p>This can be achieved fairly "simply" (as long
as you know what to look for).</p>
<p>You need to pass the pulse socket into the
container and tell pulse clients inside the
container its precise path.</p>
<p>So on Docker CLI, for a typical Pulse daemon
running in userspace, it would be something
like:</p>
<table width="1666" height="27" cellspacing="2" cellpadding="2" border="0">
<tbody>
<tr>
<td valign="top" bgcolor="#000000"><b><font size="+1" color="#ffffff"><code>-v
/run/user/1000/pulse:/run/user/1000/pulse
</code></font></b><br>
</td>
</tr>
</tbody>
</table>
<p>Inside the container, once you've installed
Pulseaudio, you need to modify its client
configuration:</p>
<p><font color="#0027ff"><u>/etc/pulse/client.conf</u></font></p>
<table width="100%" cellspacing="2" cellpadding="2" border="0">
<tbody>
<tr>
<td valign="top" bgcolor="#000000">
<pre><b><font size="+1" color="#ffffff">default-server = /run/user/1000/pulse/native</font></b>
</pre>
</td>
</tr>
</tbody>
</table>
<p>With this your Pulseaudio applications should
be able to play sounds through the host
PulseAudio server (of course, you'd need to
adapt the runtime paths to your environment).</p>
<p>Bear in mind, there seems to be some
inconsistencies in the way various Pulse
utilities interface with the daemon. In this
setup for example, <font face="Droid Sans">"pacmd</font>"
won't work, whilst <font face="Droid Sans">"pactl</font>"
works fine once the client configuration is
fixed. <br>
</p>
<p>You could test this in a manual way first and
then automate things a bit with a Dockerfile and
what not.</p>
<p>Best regards.<br>
</p>
<div>On 12/12/2020 16:19, Jan Van den Audenaerde
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I have spend several days without success
figuring out how I can use pulseaudio in a
container setup on an embedded device.</div>
<div><br>
</div>
<div><i>I am running CentOs 8 on a headless
device (intel-nuc) which is also running
docker.<br>
I would like to run pulseaudio server on
the host (CentOs 8) and my docker
containers should be able to use
pulseaudio client to communicate with the
pulseaudio server via pulseaudio unix
socket.<br>
Moreover it should be possible that
different docker containers can access the
microphone and speaker at the same time.</i><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>The main problem I am facing I have
reported in following forum post: </div>
<div><br>
</div>
<div>
<ul>
<li><a href="https://forums.centos.org/viewtopic.php?f=54&t=76643" target="_blank">https://forums.centos.org/viewtopic.php?f=54&t=76643</a></li>
</ul>
<div><br>
</div>
<div>Any help would be much appreciated.</div>
</div>
<div>I also think that pulseaudio has the good
requirements for use in a container setup
if I only can make it work.</div>
<div>Jan.</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
pulseaudio-discuss mailing list
<a href="mailto:pulseaudio-discuss@lists.freedesktop.org" target="_blank">pulseaudio-discuss@lists.freedesktop.org</a>
<a href="https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss" target="_blank">https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
pulseaudio-discuss mailing list<br>
<a href="mailto:pulseaudio-discuss@lists.freedesktop.org" target="_blank">pulseaudio-discuss@lists.freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss</a><br>
</blockquote>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
pulseaudio-discuss mailing list
<a href="mailto:pulseaudio-discuss@lists.freedesktop.org" target="_blank">pulseaudio-discuss@lists.freedesktop.org</a>
<a href="https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss" target="_blank">https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote></div>
</blockquote></div>