From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id MI19KX67jmNWtAAAbAwnHQ (envelope-from ) for ; Tue, 06 Dec 2022 04:48:14 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id cBCXKX67jmP48QAA9RJhRA (envelope-from ) for ; Tue, 06 Dec 2022 04:48:14 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 857ABE8A6 for ; Tue, 6 Dec 2022 04:48:14 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1p2Ovk-0007Hu-7u; Mon, 05 Dec 2022 22:47:40 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p2Ovi-0007Hj-HC for help-guix@gnu.org; Mon, 05 Dec 2022 22:47:38 -0500 Received: from knopi.disroot.org ([178.21.23.139]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p2Ovg-0001Ys-GP for help-guix@gnu.org; Mon, 05 Dec 2022 22:47:38 -0500 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 3B10C41125; Tue, 6 Dec 2022 04:47:24 +0100 (CET) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vBeSSG6hoGaV; Tue, 6 Dec 2022 04:47:22 +0100 (CET) Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1670298442; bh=vHua/6Ys0UISq4gOw4thFlSKuWi5lejVmVW0FFfk/7o=; h=Date:Subject:To:References:From:In-Reply-To; b=mA2FnOXan295dZv98K00YzI2AbdPenny31MeTGFxXI09hGgGkev38YorIccLZZTvz 4N0Z4i4K6F/xzKpBhYlC4Gev1gXwxmcLasBXINkA+YwWM9oD+HV+jG49hRWLGo+7n1 Q7+Lf+J4HsWT2hl3aAzS+8FMXAHRYvAqYFdMRBlP0ZD85zg6w8ubuSYtl79Hf5jmO+ IdBR1iB5+V4R2S0m/Yl+21WX3w1Axiwa3JRTPxrb1WMj3X4q1+kr2OEIT3dZVo9BAq ZhQCGqeSwjGX+dvtVT1XLI0wzwAgm+hyJ4PjwE1jFZ5ZllUbHn2zaPKUPHzt1CnKdn h928kvOO4KzbQ== Date: Mon, 5 Dec 2022 22:47:18 -0500 MIME-Version: 1.0 Subject: Re: How to make audio devices available with guix shell --container To: Elias Kueny , help-guix@gnu.org References: <87o7shsld3.fsf@posteo.net> Content-Language: en-US From: kiasoc5 In-Reply-To: <87o7shsld3.fsf@posteo.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=178.21.23.139; envelope-from=kiasoc5@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1670298494; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=qK1qAdaezDi37rO4+LvykwSLr5iUOpRi5gJrGlWtprU=; b=EKyVveG/j6ShcQ2hKc1zALODkwR436Nkh9PtNsqj+uCGYRCKXFpW+ze1Zi8vgwaLTRiflK g5S9kgnxucdLa3Xr5zo0+WwiJqWfUROKiowaSsyLEm+SqsTrse8NBgTLUnSB9jZxGgIW3b DsWAdPV4qGICQXSaZdHleOjR44fsb4G8auy5jEO+GeMT1sFliEHB37uWReuTd2KtuLSTxR HVjurYz0n4H5OuWpzKqQ3gym+n7h/QNdm0t0s8an+FaBLBc2a3ne+WWwfk++JGkeU/tZW+ k8GhD0HqUXrOQChuUPg8RI9vMSfnOHbEstrPxSTRU/b0nz8HYaDyQowSadLWvw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1670298494; a=rsa-sha256; cv=none; b=FYTv9W9LQBZVq/oab0l53deslLQSB+OO2CP5y23MRYFML+bQKqF2DVkktK08M5hvDgJEC7 +/WRR+35MXYWFNGZbqgRmHXZOBRcs+AQmkULFszSb2SlVPwnIDFyUHJ2hrz3FLTCb3TeKC sh7z/NB0YbsoBhwEa2cL2mfy5mgAo047uqVPuVbna4vq1NeYZGT7buuSuVFxuJ7MB1ACPZ i3cy9OvLJfCzz4sDwCulIykr6NTz9RnCAbAjeK/+ZkZ9zZr/0DJlsyLPE8JBJubl4KAXKZ 39UyDTwTCqTpQV6wmuvQvJO6SBHjWueNOxZXwttUKiJW1c+Igeq5xCmmK6rEtA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b=mA2FnOXa; dmarc=pass (policy=reject) header.from=disroot.org; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.96 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=disroot.org header.s=mail header.b=mA2FnOXa; dmarc=pass (policy=reject) header.from=disroot.org; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 857ABE8A6 X-Spam-Score: -3.96 X-Migadu-Scanner: scn0.migadu.com X-TUID: x0BXixlSOr28 On 12/5/22 12:41, Elias Kueny wrote: > Hello, > > I'm trying to run an online videoconferencing tool in chromium in a guix > shell with a container, so I expose my system as little as possible. All > is well without the --container option, but I'm not sure what to expose > to make it work in the container too. > > I'm on guix system. I'm starting the software with: `guix shell > --container -N -P --no-cwd --preserve='^DISPLAY$' > --preserve='^XAUTHORITY$' --share=$XAUTHORITY --share=/dev/video0 > ungoogled-chromium -- chromium --app="https://meet.jit.si"`. > > `--preserve='^DISPLAY$' --preserve='^XAUTHORITY$' --share=$XAUTHORITY` > lets chromium open an X window and share the scren. > `--share=/dev/video0` gives access to the webcam. > What is the step to allow the microphone and speakers? About the sound, I believe you will need to expose the pulseaudio and/or pipewire sockets. You can reference bubblewrap configuration since it also works by sharing/exposing files. https://wiki.archlinux.org/title/Bubblewrap/Examples#Chromium > I'm not particularly familiar with how audio devices are working. I read > they are in /dev/snd, but sharing this or even the whole of /dev/ > doesn't make the microphone and speakers available (although the browser > is now asking me for the permission to access them, so it seems aware I > have them). I also tried adding tinyalsa and pulseaudio to the container > in case that's what's missing, but to no avail. I didn't explicitely > install anything related to audio (but I have %desktop-services in my > operating-system definition), so if it's a software that is missing, I > don't know which one. I believe in the case of ungoogled-chromium that pulseaudio is part of the inputs already. > Thank you in advance! > It would be nice to have a tool for defining guix containers by permissions (with camera, with audio, etc) like bubblejail/firejail. That is a topic for a later mail.