On Wednesday 29 April 2020 01:57:14 Jim Kent wrote: > Is it possible to sandbox applications from the > sound hardware so that they only communicate and have a view of Pulseaudio, > rather than the underlying hardware? Yes, you need to disallow access to /dev/snd/... devices for your application. E.g. by permissions, ACLs or MAC (selinux / apparmor) or by chrooting (without providing these devices) or running in container (again without those devices). Just choose your favourite sandboxing technique. > Could something like Jack accomplish this? No, application can again ignore jack and access sound hardware, just like it did with pulseaudio. You can e.g. play with "amixer" application. If you run it as "amixer -D pulse" it will connect to pulseaudio (via unix socket) and show mixer control which pulseaudio told it. If you run it with "amixer -c 0" it will directly access sound card 0 (via /dev/snd/...) and show state of sound card 0. -- Pali Rohár pali.rohar@xxxxxxxxx _______________________________________________ pulseaudio-discuss mailing list pulseaudio-discuss@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/pulseaudio-discuss
