Bug 681701

Summary: Firefox (with Flash video) inside sandbox gains exclusive lock on sound
Product: [Fedora] Fedora Reporter: Robin Green <greenrd>
Component: pulseaudioAssignee: Lennart Poettering <lpoetter>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 15CC: aiguo.fernandez, dwalsh, lkundrak, lpoetter, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 847520 (view as bug list) Environment:
Last Closed: 2012-08-07 16:54:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Robin Green 2011-03-02 22:54:18 UTC
Description of problem:
When Firefox is playing a video inside a sandbox - and even when the video is paused - pulseaudio locks, so if mplayer tries to play something from outside the sandbox, it blocks.

This could be a security issue, especially for blind users who might rely more on audio cues.

Version-Release number of selected component (if applicable):
policycoreutils-sandbox-2.0.85-12.fc15.x86_64

How reproducible:
Always

Steps to Reproduce:
1. yum install policycoreutils-sandbox metacity
2. reboot
3. sandbox -X -H sandboxes/music/ -t sandbox_web_t -W metacity firefox
4. Go to youtube.com and play a video
5. (Optional) Pause the video
6. Outside of the sandbox, try to play some music using mplayer
  
Actual results:
mplayer hangs at 0.0%

Expected results:
mplayer should play the song or stream

Additional info:
Afterwards, it's necessary to killall pulseaudio, to get sound working again. (Pulseaudio bug?) Something automatically respawns pulseaudio as soon as you kill it. Then you might have to try playing music a couple of times before it works.

This bug does not happen when firefox is not run inside a sandbox.

Comment 1 Daniel Walsh 2011-03-03 14:15:38 UTC
Not sure of the use case of a blind user using sandbox, but...

I believe what is happening is we have two pulseaudio clients running on the machine each one running as the same UID but not able to see each other.  (Well at least the one inside the sandbox does not see the one outside the sandbox.  But both are using the same sockets in /dev/shm.

Does sound resume within the sandbox?

Not sure what would happen if we mount over /dev/shm from within the sandbox?  That might be even worse of a security violation.

I will reassign to pulseaudio to see if they have a comment.

Comment 2 Diego Fernandez 2011-06-11 17:08:46 UTC
Hey I don't know what sandbox is, but I'm having the same problem just running Firefox normally.  If I load a flash video first then try to start sound with any other app it wont work.  On the other hand if I first have sound going from another app then I can't get sound on the flash video.

Comment 3 Robin Green 2011-06-11 19:20:21 UTC
(In reply to comment #2)
> Hey I don't know what sandbox is, but I'm having the same problem just running
> Firefox normally.

I don't think that's the same problem. This is about other apps blocking (i.e. getting stuck). I think your problem is an issue with Flash, or maybe pulseaudio, but it's certainly not a bug in sandbox because you're not using it.

Comment 4 Diego Fernandez 2011-06-11 22:16:59 UTC
oh ok sorry I will file a new bug then.

Comment 5 Fedora End Of Life 2012-08-07 16:54:50 UTC
This message is a notice that Fedora 15 is now at end of life. Fedora
has stopped maintaining and issuing updates for Fedora 15. It is
Fedora's policy to close all bug reports from releases that are no
longer maintained. At this time, all open bugs with a Fedora 'version'
of '15' have been closed as WONTFIX.

(Please note: Our normal process is to give advanced warning of this
occurring, but we forgot to do that. A thousand apologies.)

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, feel free to reopen
this bug and simply change the 'version' to a later Fedora version.

Bug Reporter: Thank you for reporting this issue and we are sorry that
we were unable to fix it before Fedora 15 reached end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora, you are encouraged to click on
"Clone This Bug" (top right of this page) and open it against that
version of Fedora.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

The process we are following is described here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping