unofficial mirror of help-guix@gnu.org 
* How to make audio devices available with guix shell --container
@ 2022-12-05 17:41 Elias Kueny
  2022-12-06  3:47 ` kiasoc5
  0 siblings, 1 reply; 4+ messages in thread
From: Elias Kueny @ 2022-12-05 17:41 UTC (permalink / raw)
  To: help-guix

Hello,

I'm trying to run an online videoconferencing tool in chromium in a guix shell with a container, so I expose my system as little as possible. All is well without the --container option, but I'm not sure what to expose to make it work in the container too.

I'm on guix system. I'm starting the software with: `guix shell --container -N -P --no-cwd --preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --share=$XAUTHORITY --share=/dev/video0 ungoogled-chromium -- chromium --app="https://meet.jit.si"`.

`--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --share=$XAUTHORITY` lets chromium open an X window and share the screen.
`--share=/dev/video0` gives access to the webcam.
What is the step to allow the microphone and speakers?

I'm not particularly familiar with how audio devices are working. I read they are in /dev/snd, but sharing this or even the whole of /dev/ doesn't make the microphone and speakers available (although the browser is now asking me for the permission to access them, so it seems aware I have them). I also tried adding tinyalsa and pulseaudio to the container in case that's what's missing, but to no avail. I didn't explicitly install anything related to audio (but I have %desktop-services in my operating-system definition), so if it's a software that is missing, I don't know which one.

Thank you in advance!



* Re: How to make audio devices available with guix shell --container
  2022-12-05 17:41 How to make audio devices available with guix shell --container Elias Kueny
@ 2022-12-06  3:47 ` kiasoc5
  2022-12-06 17:01   ` Elias Kueny
  0 siblings, 1 reply; 4+ messages in thread
From: kiasoc5 @ 2022-12-06  3:47 UTC (permalink / raw)
  To: Elias Kueny, help-guix

On 12/5/22 12:41, Elias Kueny wrote:
> Hello,
> 
> I'm trying to run an online videoconferencing tool in chromium in a guix 
> shell with a container, so I expose my system as little as possible. All 
> is well without the --container option, but I'm not sure what to expose 
> to make it work in the container too.
> 
> I'm on guix system. I'm starting the software with: `guix shell 
> --container -N -P --no-cwd --preserve='^DISPLAY$' 
> --preserve='^XAUTHORITY$' --share=$XAUTHORITY --share=/dev/video0 
> ungoogled-chromium -- chromium --app="https://meet.jit.si"`.
> 
> `--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --share=$XAUTHORITY` 
> lets chromium open an X window and share the screen.
> `--share=/dev/video0` gives access to the webcam.
> What is the step to allow the microphone and speakers?

About the sound, I believe you will need to expose the pulseaudio and/or 
pipewire sockets. You can reference bubblewrap configuration since it 
also works by sharing/exposing files.

https://wiki.archlinux.org/title/Bubblewrap/Examples#Chromium

> I'm not particularly familiar with how audio devices are working. I read 
> they are in /dev/snd, but sharing this or even the whole of /dev/ 
> doesn't make the microphone and speakers available (although the browser 
> is now asking me for the permission to access them, so it seems aware I 
> have them). I also tried adding tinyalsa and pulseaudio to the container 
> in case that's what's missing, but to no avail. I didn't explicitly 
> install anything related to audio (but I have %desktop-services in my 
> operating-system definition), so if it's a software that is missing, I 
> don't know which one.

I believe in the case of ungoogled-chromium that pulseaudio is part of 
the inputs already.

> Thank you in advance!
> 

It would be nice to have a tool for defining guix containers by 
permissions (with camera, with audio, etc) like bubblejail/firejail. 
That is a topic for a later mail.



* Re: How to make audio devices available with guix shell --container
  2022-12-06  3:47 ` kiasoc5
@ 2022-12-06 17:01   ` Elias Kueny
  2023-01-08 11:19     ` Gabriel Wicki
  0 siblings, 1 reply; 4+ messages in thread
From: Elias Kueny @ 2022-12-06 17:01 UTC (permalink / raw)
  To: kiasoc5; +Cc: help-guix


On Mon, Dec 05 2022, kiasoc5 wrote:
> About the sound, I believe you will need to expose the pulseaudio
> and/or pipewire sockets. You can reference bubblewrap configuration
> since it also works by sharing/exposing files.
>
> https://wiki.archlinux.org/title/Bubblewrap/Examples#Chromium

Thank you, that helped me progress. I noticed there were errors about not being able to connect to DBUS, now the following got rid of those:
guix shell -C -N -P --no-cwd \
--share=/dev/ \
--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --expose="$XAUTHORITY" \
--preserve='^DBUS_.*' --expose=/var/run/dbus/system_bus_socket \
--expose="$XDG_RUNTIME_DIR/pulse" \
ungoogled-chromium -- chromium --app="https://meet.jit.si"

With this, I can use the microphone (there is no default microphone available, but my internal microphone can be selected and works), but I still have no sound.
ALSA throws the error "The field ipc_gid must be a valid group (create group audio)", and indeed /etc/group in the container doesn't contain an audio group (only users and overflow).

But `--expose=/etc/group` prevents the creation of the container with the error "guix shell: error: rename-file: Device or resource busy".
So the next question is: how does one use groups in the container?



* Re: How to make audio devices available with guix shell --container
  2022-12-06 17:01   ` Elias Kueny
@ 2023-01-08 11:19     ` Gabriel Wicki
  0 siblings, 0 replies; 4+ messages in thread
From: Gabriel Wicki @ 2023-01-08 11:19 UTC (permalink / raw)
  To: Elias Kueny; +Cc: help-guix

Hi!

I'm not entirely sure why this exact error pops up, but I think this
might render a nice opportunity for a small Guix shell/environment
feature!

I have created a simplistic patch, unfortunately that does not seem to
work -- which puzzles me somewhat.  What else is needed to add a user to
a group in a guix shell container?  On the *nix systems I'm acquainted
with there was nothing more to it than adding the correct entry in
/etc/group and logging in (again).  What am I missing in the context of
Guix containers?


Though my patch is not ready (or working) I attach it below.

g


From ad84a3e73bf86e89c7a8a167111e5bca5821f021 Mon Sep 17 00:00:00 2001
From: Gabriel Wicki <gabriel@erlikon.ch>
Date: Sun, 8 Jan 2023 12:08:30 +0100
Subject: [PATCH] scripts: environment: Add "audio" group to the shell
 container user

* guix/scripts/environment.scm [launch-environment/container]: Add an entry
for "audio" in /etc/group.
---
 guix/scripts/environment.scm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index c7fd8fd340..f2fae6f1f8 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -748,6 +748,9 @@ (define fhs-mappings
                                         (string-append "/home/" user)
                                         (passwd:dir pwd))))))
             (groups   (list (group-entry (name "users") (gid gid))
+                            (group-entry (name "audio")
+                                         (gid (+ 1 gid))
+                                         (members (list (number->string uid))))
                             (group-entry (gid 65534) ;the overflow GID
                                          (name "overflow"))))
             (home-dir (password-entry-directory passwd))
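Review bot: In the added `audio` entry, `(members (list (number->string uid)))` puts the numeric UID into the member field, but the member list of an /etc/group entry holds user names, so a lookup of the user by name will not match it. The `user` variable already used in the `(string-append "/home/" user)` context line appears to be the right value here, e.g. `(members (list user))`. Separately, `(gid (+ 1 gid))` is an arbitrary number: it deserves a comment saying why that value was chosen, and a guard for the case where it equals 65534, the overflow GID two lines below. Since the entry is added to every container unconditionally, consider putting it behind an option so that containers that do not need audio keep the two-group file.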
-- 
2.38.1
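
On the question above of what an /etc/group entry does and does not give a process: the following is an added diagnostic, not part of the thread or of Guix, that compares a group file with the credentials a process actually holds (the `Gid:` and `Groups:` lines of /proc/PID/status). The sample files, the user name `elias`, the IDs 1000/1001 and the `x` password field are constructed for illustration; the thread does not confirm that this is the cause of the missing sound.

```sh
#!/bin/sh
# Added diagnostic, not from the thread. All sample file contents are constructed.

# Print the GID of group $2 in the group(5)-format file $1; fail if absent.
group_gid() {
    awk -F: -v n="$2" '$1 == n { print $3; hit = 1; exit } END { exit !hit }' "$1"
}

# Succeed if user name $3 is in the member field of group $2 in file $1.
group_lists_user() {
    awk -F: -v n="$2" -v u="$3" '
        $1 == n { k = split($4, m, ","); for (i = 1; i <= k; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# Succeed if GID $2 is the effective GID or a supplementary group listed in
# the /proc/PID/status-format file $1.
process_has_gid() {
    awk -v g="$2" '
        $1 == "Gid:"    { if ($3 == g) ok = 1 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == g) ok = 1 }
        END { exit !ok }' "$1"
}

# audio_verdict GROUP_FILE STATUS_FILE USER: print a one-word verdict.
audio_verdict() {
    gid=$(group_gid "$1" audio) || { echo no-audio-group; return 0; }
    group_lists_user "$1" audio "$3" || { echo user-not-listed; return 0; }
    process_has_gid "$2" "$gid" || { echo listed-but-not-in-credentials; return 0; }
    echo ok
}

# Constructed samples: a group file with the member written as a numeric
# string (as the patch does), a variant that lists the user by name, and a
# status file for a process whose credentials carry only GID 1000.
demo_dir=$(mktemp -d)
printf 'users:x:1000:\naudio:x:1001:1000\noverflow:x:65534:\n'  > "$demo_dir/group.patch"
printf 'users:x:1000:\naudio:x:1001:elias\noverflow:x:65534:\n' > "$demo_dir/group.byname"
printf 'Name:\tchromium\nGid:\t1000\t1000\t1000\t1000\nGroups:\t1000\n' > "$demo_dir/status"

audio_verdict "$demo_dir/group.patch"  "$demo_dir/status" elias
audio_verdict "$demo_dir/group.byname" "$demo_dir/status" elias
```

Inside a container the same check is `audio_verdict /etc/group /proc/self/status "$(id -un)"`.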



