Skip to content

PA_CMD_CHECK should not check by pid but by socket

There is a (closed source) application that is using pulseaudio and I would like to run it in a container. This application uses pulseaudio --check to determine if a pulseaudio daemon is running and usable, but in the case of containers/pid-namespaces this check fails even if pulseaudio is fully operational.

Consider a system where pulseaudio is running directly on the host system (e.g. started by a systemd-user instance). Now we start a new container with at least pid and mount isolation and remount /proc, so that all host processes are not visible from within the container. In this container pulseaudio seems to be fully operational, as all applications can freely connect to the running daemon under /run/user/$(id -u)/pulse/native. However pulseaudio --check fails to detect the running daemon. So to reproduce:

user@debian:/$ sudo unshare -mp --fork bash
root@debian:/# umount -R /proc && mount -o nosuid,nodev,noexec -t proc proc /proc/
root@debian:/# ps -ef
UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 14:27 pts/12   00:00:00 bash
root           8       1  0 14:27 pts/12   00:00:00 ps -ef
root@debian:/# su user
user@debian:/$ export XDG_RUNTIME_DIR=/run/user/$(id -u)
user@debian:/$ pactl list sinks
Sink #1
	...
user@debian:/$ pulseaudio --check
user@debian:/$ echo $?
1

Expected:

user@debian:/$ pulseaudio --check
user@debian:/$ echo $?
0

This happens because --check is implemented to read the pidfile /run/user/$(id -u)/pulse/pid and check for a running process with that pid ( https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/blob/81c24738d5b62a5f092ce34ea06efab72eefbb9e/src/daemon/main.c#L607 ). I believe it would be better to try to connect to the socket and check that the daemon responds. That way also daemons running in different pid namespaces can be correctly detected and reported. Additionally I believe that checking if a daemon is ready for connections does seem more exact. Additionally this (changed) behavior would also still fit the current documentation for --check:

--check
      Return 0 as return code when the PulseAudio daemon is already running for the calling user, or non-zero otherwise. Produces no output on the console except for errors to stderr.

I could try to implement this change in a merge request if there are others supporting this change. However I'll first wait for some discussion on this issue, so the effort for the MR is not in vain. Do you have any thoughts on this?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information