Created
July 13, 2016 07:55
-
-
Save arno01/535913090ffa65ce3dfaf67ac1e880d4 to your computer and use it in GitHub Desktop.
pulseaudio, deleted files in /dev/shm, grsecurity, etc...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Workaround: pulseaudio client library likes to remove /dev/shm/pulse-shm-* | |
| files created by the host, causing sound to stop working. | |
| To fix this, we either want to disable the shm or mount /dev/shm | |
| in read-only mode when starting the container. | |
| echo "enable-shm = no" |tee -a /etc/pulse/client.conf | |
| Q: But why it works in chroot? | |
| A: chroot does not create a new pid namespace. | |
| However, when a client runs in a sandbox that creates a new pid namespace, | |
| pa_shm_cleanup() will remove all shm files, because kill() fails with ESRCH. | |
| Source: | |
| https://bugs.freedesktop.org/show_bug.cgi?id=92141#c21 | |
| Problem: | |
| grsecurity patched kernel constantly reports: | |
| grsec: denied resource overstep by requesting 27 for RLIMIT_NICE against limit 0 for /usr/bin/pulseaudio[pulseaudio:2674] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/pulseaudio[pulseaudio:2673] uid/euid:1000/1000 gid/egid:1000/1000 | |
| Workaround: | |
| Set "high-priority = no" in /etc/pulse/daemon.conf and restart pulseaudio (pulseaudio -k / --start) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment