4 files changed, 83 insertions, 4 deletions
diff --git a/README.md b/README.md
index 5e061f0ce..62ec486e3 100644
--- a/README.md
+++ b/README.md
@@ -38,9 +38,13 @@ FAQ: https://l3net.wordpress.com/projects/firejail/firejail-faq/
 ### PulseAudio 7.0
-The srbchannel IPC mechanism  introduced in 6.0, was enabled by default in release 7.0.
+The srbchannel IPC mechanism  introduced in PulseAudio 6.0, was enabled by default in release 7.0.
 Arch Linux users are reporting sound problems when running applications in Firejail sandbox.
-The issue is still under investigation. There are two workarounds so far:
+A preliminary fix was introduced on master branch. The fix disables PulseAudio shared memory functionality
+in the sandbox. If you are seeing any problems,
+please let us know here: https://github.com/netblue30/firejail/issues/69
+If you are unable to update your Firejail install to the latest development version, there are two workarounds:
 *   Running ALSA
@@ -57,6 +61,4 @@ $ echo "enable-shm = no" >> client.conf
 `````
-If you are still having problems, join the discussion here: https://github.com/netblue30/firejail/issues/69
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 261821338..2dd70c7f4 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -401,5 +401,8 @@ int errno_find_name(const char *name);
 char *errno_find_nr(int nr);
 void errno_print(void);
+// pulseaudio.c
+void pulseaudio_init(void);
 #endif
diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c
new file mode 100644
index 000000000..bea0cc940
--- /dev/null
+++ b/src/firejail/pulseaudio.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2014, 2015 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firejail.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mount.h>
+// disable shm in pulse audio
+void pulseaudio_init(void) {
+        struct stat s;
+        
+        // do we have pulseaudio in the system?
+        if (stat("/etc/pulse/client.conf", &s) == -1)
+                return;
+        // crate the new user pulseaudio directory
+        char *pulsedir;
+        if (asprintf(&pulsedir, "%s/pulse", MNT_DIR) == -1)
+                errExit("asprintf");
+        int rv = mkdir(pulsedir, S_IRWXU | S_IRWXG | S_IRWXO);
+        if (rv == -1)
+                errExit("mkdir");
+        if (chown(pulsedir, getuid(), getgid()) < 0)
+                errExit("chown");
+        if (chmod(pulsedir, 0700) < 0)
+                errExit("chmod");
+        // create the new client.conf file
+        char *pulsecfg = NULL;
+        if (asprintf(&pulsecfg, "%s/client.conf", pulsedir) == -1)
+                errExit("asprintf");
+        if (copy_file("/etc/pulse/client.conf", pulsecfg))
+                errExit("copy_file");
+        FILE *fp = fopen(pulsecfg, "a+");
+        if (!fp)
+                errExit("fopen");
+        fprintf(fp, "\nenable-shm = no\n");
+        fclose(fp);
+        if (chmod(pulsecfg, 0644) == -1)
+                errExit("chmod");
+        if (chown(pulsecfg, getuid(), getgid()) == -1)
+                errExit("chown");
+        // set environment
+        if (setenv("PULSE_CLIENTCONFIG", pulsecfg, 1) < 0)
+                errExit("setenv");
+        
+        free(pulsecfg);
+        free(pulsedir);         
+}
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c9146560b..eca4c2282 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -270,6 +270,11 @@ int sandbox(void* sandbox_arg) {
        fs_proc_sys_dev_boot();
        
        //****************************
+        // fix for pulseaudio 7.0
+        //****************************
+        pulseaudio_init();
+        
+        //****************************
        // networking
        //****************************
        if (arg_nonetwork) {

diff --git a/README.md b/README.md index 5e061f0ce..62ec486e3 100644 --- a/README.md +++ b/README.md
@@ -38,9 +38,13 @@ FAQ: https://l3net.wordpress.com/projects/firejail/firejail-faq/
38		38
39	### PulseAudio 7.0	39	### PulseAudio 7.0
40		40
41	The srbchannel IPC mechanism introduced in 6.0, was enabled by default in release 7.0.	41	The srbchannel IPC mechanism introduced in PulseAudio 6.0, was enabled by default in release 7.0.
42	Arch Linux users are reporting sound problems when running applications in Firejail sandbox.	42	Arch Linux users are reporting sound problems when running applications in Firejail sandbox.
43	The issue is still under investigation. There are two workarounds so far:	43	A preliminary fix was introduced on master branch. The fix disables PulseAudio shared memory functionality
		44	in the sandbox. If you are seeing any problems,
		45	please let us know here: https://github.com/netblue30/firejail/issues/69
		46
		47	If you are unable to update your Firejail install to the latest development version, there are two workarounds:
44		48
45	* Running ALSA	49	* Running ALSA
46		50
@@ -57,6 +61,4 @@ $ echo "enable-shm = no" >> client.conf
57	`````	61	`````
58		62
59		63
60	If you are still having problems, join the discussion here: https://github.com/netblue30/firejail/issues/69
61
62		64


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 261821338..2dd70c7f4 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -401,5 +401,8 @@ int errno_find_name(const char *name);
401	char *errno_find_nr(int nr);	401	char *errno_find_nr(int nr);
402	void errno_print(void);	402	void errno_print(void);
403		403
		404	// pulseaudio.c
		405	void pulseaudio_init(void);
		406
404	#endif	407	#endif
405		408


diff --git a/src/firejail/pulseaudio.c b/src/firejail/pulseaudio.c new file mode 100644 index 000000000..bea0cc940 --- /dev/null +++ b/src/firejail/pulseaudio.c
@@ -0,0 +1,69 @@
		1	/*
		2	* Copyright (C) 2014, 2015 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20	#include "firejail.h"
		21	#include <sys/types.h>
		22	#include <sys/stat.h>
		23	#include <sys/mount.h>
		24
		25	// disable shm in pulse audio
		26	void pulseaudio_init(void) {
		27	struct stat s;
		28
		29	// do we have pulseaudio in the system?
		30	if (stat("/etc/pulse/client.conf", &s) == -1)
		31	return;
		32
		33	// crate the new user pulseaudio directory
		34	char *pulsedir;
		35	if (asprintf(&pulsedir, "%s/pulse", MNT_DIR) == -1)
		36	errExit("asprintf");
		37	int rv = mkdir(pulsedir, S_IRWXU \| S_IRWXG \| S_IRWXO);
		38	if (rv == -1)
		39	errExit("mkdir");
		40	if (chown(pulsedir, getuid(), getgid()) < 0)
		41	errExit("chown");
		42	if (chmod(pulsedir, 0700) < 0)
		43	errExit("chmod");
		44
		45	// create the new client.conf file
		46	char *pulsecfg = NULL;
		47	if (asprintf(&pulsecfg, "%s/client.conf", pulsedir) == -1)
		48	errExit("asprintf");
		49	if (copy_file("/etc/pulse/client.conf", pulsecfg))
		50	errExit("copy_file");
		51	FILE *fp = fopen(pulsecfg, "a+");
		52	if (!fp)
		53	errExit("fopen");
		54	fprintf(fp, "\nenable-shm = no\n");
		55	fclose(fp);
		56	if (chmod(pulsecfg, 0644) == -1)
		57	errExit("chmod");
		58	if (chown(pulsecfg, getuid(), getgid()) == -1)
		59	errExit("chown");
		60
		61
		62	// set environment
		63	if (setenv("PULSE_CLIENTCONFIG", pulsecfg, 1) < 0)
		64	errExit("setenv");
		65
		66
		67	free(pulsecfg);
		68	free(pulsedir);
		69	}


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index c9146560b..eca4c2282 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -270,6 +270,11 @@ int sandbox(void* sandbox_arg) {
270	fs_proc_sys_dev_boot();	270	fs_proc_sys_dev_boot();
271		271
272	//****************************	272	//****************************
		273	// fix for pulseaudio 7.0
		274	//****************************
		275	pulseaudio_init();
		276
		277	//****************************
273	// networking	278	// networking
274	//****************************	279	//****************************
275	if (arg_nonetwork) {	280	if (arg_nonetwork) {