I set up a Void Linux jail by following this tutorial: https://antranigv.am/posts/2021/08/2021-08-21-00-37/
Create a file at /home/james/voidlinux/etc/fstab.pre and insert the following inside
Code:
devfs /home/james/voidlinux/dev devfs rw 0 0
tmpfs /home/james/voidlinux/dev/shm tmpfs rw,mode=1777 0 0
fdescfs /home/james/voidlinux/dev/fd fdescfs rw,linrdlnk 0 0
linprocfs /home/james/voidlinux/proc linprocfs rw 0 0
linsysfs /home/james/voidlinux/sys linsysfs rw 0 0
/tmp /home/james/voidlinux/tmp nullfs rw 0 0
My jail conf:
Code:
exec.clean;
allow.raw_sockets;
mount.devfs;
voidlinux {
    $id = "1";
    $mask = "255.255.255.0";
    $domain = "srv0.bsd.am";
    devfs_ruleset = 4;
    allow.mount;
    allow.mount.devfs;
    enforce_statfs = 0;
    mount.fstab = "${path}/etc/fstab.pre";
    exec.start = "/bin/sh /etc/runit/2 &";
    exec.stop = "/bin/sh /etc/runit/3";
    ip4.addr = "lo1|10.10.0.5/24";
    interface = "lo1";
    host.hostname = "${name}.${domain}";
    path = "/home/james/voidlinux";
    exec.consolelog = "/var/log/jail-${name}.log";
    persist;
    allow.socket_af;
}
And running the jail with:
Code:
jexec voidlinux /bin/bash
I followed this post: https://forums.freebsd.org/threads/running-google-chrome-in-a-dedicated-linux-jail.85491/
Pulseaudio aware applications can communicate with a Pulseaudio server either by TCP or a Unix-Domain-Socket (similar to Xorg). We configure this feature explicitly by editing /usr/local/etc/pulse/system.pa and add the following two lines:
Code:
load-module module-native-protocol-tcp auth-anonymous=1 auth-ip-acl=127.0.0.1;192.168.178.0/24
load-module module-native-protocol-unix auth-anonymous=1 socket=/tmp/pulse-native
The second line is most important for us: It tells us how the Pulseaudio socket will be named (/tmp/pulse-native). We'll need that information later when we configure Pulseaudio in the Linux jail.
Important: If you do not want remote connections over the network, delete the first line containing module-native-protocol-tcp. If remote connections are o.k. for you (e.g. because you would like to play audio in your Bhyve virtual machines), be sure to set the correct subnet mask (mine is in this case: 192.168.178.0/24).
Now that we have configured the Pulseaudio server, we need to enable it. The package audio/pulseaudio does not come with an rc script to start it up at boot time. Therefore, we have to create one: Create the file /usr/local/etc/rc.d/pulseaudio and let it have the following content:
Code:
#!/bin/sh
# PROVIDE: pulseaudio
# REQUIRE: DAEMON FILESYSTEMS
# KEYWORD: nojail shutdown
. /etc/rc.subr
name="pulseaudio"
desc="Start the Pulseaudio server"
rcvar="pulseaudio_enable"
pulseaudio_bin="/usr/local/bin/${name}"
pulseaudio_pidfile="/var/run/pulse/pid"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
load_rc_config "${name}"
pulseaudio_start()
{
    ${pulseaudio_bin} --system --disallow-module-loading &
}
pulseaudio_stop()
{
    if [ -f "${pulseaudio_pidfile}" ]
    then
        kill $(cat "${pulseaudio_pidfile}")
    fi
}
run_rc_command "$1"
Next, enable the service in /etc/rc.conf:
Code:
pulseaudio_enable="YES"
Finally, start the service so that we do not have to reboot the machine:
Code:
# service pulseaudio start
We are almost there. The one thing left is to let Chrome in the Linux jail know which socket to use when talking to our Pulseaudio server. We could put this information directly into the chrome-wrapper script introduced further up, but I think it's better to make it a system-wide default for our Linux jail. Therefore, create the file /jail/ubuntu/etc/profile.d/05-pulseaudio.sh and add the following line:
Code:
export PULSE_SERVER=unix:/tmp/pulse-native
Note: If you would like to configure remote access, simply replace the line above with
Code:
export PULSE_SERVER="<Host-IP-address>"
where "Host-IP-address" is the address of the machine running the actual Pulseaudio server.
Debugging sound
If there is no sound, ensure that the Pulseaudio connection is working: Enter the Linux jail and run
Code:
$ pactl list
If everything works, you should see a list of available sources and sinks. If you get something like this:
Code:
Connection failure: Connection refused
pa_context_connect() failed: Connection refused
I ran pulseaudio --start in the jail and got: N: [pulseaudio] main.c: User-configured server at unix:/tmp/pulse-native , refusing to start/autospawn.
Pulseaudio in the jail does not work for me. I ran brave and got:
Code:
[21041:21041:0427/030048.804088:ERROR:file_path_watcher_inotify.cc(890)] Failed to read /proc/sys/fs/inotify/max_user_watches
[21044:21044:0427/030048.804090:ERROR:file_path_watcher_inotify.cc(890)] Failed to read /proc/sys/fs/inotify/max_user_watches
[20976:102233:0427/030051.514383:ERROR:file_path_watcher_inotify.cc(337)] inotify_init() failed: Function not implemented (38)
[20976:102235:0427/030057.094409:ERROR:bus.cc(407)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[20976:102235:0427/030057.094481:ERROR:bus.cc(407)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[20976:102235:0427/030057.094515:ERROR:bus.cc(407)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[20976:102235:0427/030057.094543:ERROR:bus.cc(407)] Failed to connect to the bus: Could not parse server address: Unknown address type (examples of valid types are "tcp" and on UNIX "unix")
[20976:20976:0427/030057.559411:ERROR:platform_shared_memory_region_posix.cc(214)] Creating shared memory in /dev/shm/.org.chromium.Chromium.acvvs3 failed: No such file or directory (2)
[20976:20976:0427/030057.559475:ERROR:platform_shared_memory_region_posix.cc(217)] Unable to access(W_OK|X_OK) /dev/shm: No such file or directory (2)
[20976:20976:0427/030057.559494:FATAL:platform_shared_memory_region_posix.cc(219)] This is frequently caused by incorrect permissions on /dev/shm. Try 'sudo chmod 1777 /dev/shm' to fix.
[0427/030057.678812:ERROR:ptracer.cc(44)] ptrace: Invalid argument (22)
[0427/030057.704025:WARNING:process_reader_linux.cc(400)] Couldn't initialize main thread.
[0427/030057.704095:ERROR:proc_task_reader.cc(47)] format error
[0427/030057.704130:WARNING:exception_snapshot_linux.cc(391)] thread ID 20976 not found in process
[0427/030057.704203:ERROR:process_snapshot_linux.cc(129)] thread not found 20976
[0427/030057.704687:ERROR:proc_task_reader.cc(47)] format error
Trace/breakpoint trap
I could not see /dev/shm/ in jail. Any ideas? Thanks for your help.
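An added check, not part of the original post or the quoted tutorial: both load-module lines above set auth-anonymous=1, which PulseAudio documents as requiring no authentication to connect, and the fstab nullfs-mounts the host /tmp (where the socket lives) into the jail. The sh/awk script below lists such lines in a system.pa style file; the function names, the output format and the embedded sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report who can reach a PulseAudio server according to the
# native-protocol load-module lines in a system.pa style file.

# audit_pulse_conf FILE -> one finding per line: "LEVEL module detail"
audit_pulse_conf() {
    awk '
    /^[ \t]*#/ { next }    # skip comment lines
    $1 == "load-module" && $2 ~ /^module-native-protocol-(tcp|unix)$/ {
        anon = 0; acl = ""; sock = ""
        for (i = 3; i <= NF; i++) {            # parse key=value arguments
            p = index($i, "=")
            if (p == 0) continue
            key = substr($i, 1, p - 1); val = substr($i, p + 1)
            if (key == "auth-anonymous" && val == "1") anon = 1
            if (key == "auth-ip-acl") acl = val
            if (key == "socket") sock = val
        }
        if ($2 ~ /tcp$/) {
            print "INFO", $2, "listens on TCP"
            n = split(acl, nets, ";")          # ACL entries are ;-separated
            for (j = 1; j <= n; j++)
                if (nets[j] != "") print "INFO", $2, "acl-entry", nets[j]
            if (anon)
                print "WARN", $2, "auth-anonymous=1: no authentication over TCP"
        } else if (anon && sock ~ /^\/tmp\//) {
            print "WARN", $2, "auth-anonymous=1 with socket under /tmp:", sock
        } else if (anon) {
            print "WARN", $2, "auth-anonymous=1: no authentication on local socket"
        }
    }' "$1"
}

# Constructed sample: the two load-module lines quoted in the post.
sample_conf() {
    cat <<'EOF'
# system.pa excerpt (constructed sample)
load-module module-native-protocol-tcp auth-anonymous=1 auth-ip-acl=127.0.0.1;192.168.178.0/24
load-module module-native-protocol-unix auth-anonymous=1 socket=/tmp/pulse-native
EOF
}

# Demo run: write the sample to a temp file and print the findings.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_pulse_conf "$tmp"
rm -f "$tmp"
```

On the host, point audit_pulse_conf at /usr/local/etc/pulse/system.pa; a file with no anonymous native-protocol modules produces no WARN lines.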