From 104eeecf650ba52e155ff63a4d4456a6391e961f Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Mon, 8 Dec 2025 02:37:13 +0900
Subject: [PATCH] cmd/hakurei: add pipewire flag
This is for "run" command, formerly permissive defaults behaviour.
Signed-off-by: Ophestra
---
 cmd/hakurei/command.go | 9 +++++++--
 cmd/hakurei/command_test.go | 6 ++++--
 dist/comp/_hakurei | 3 ++-
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/cmd/hakurei/command.go b/cmd/hakurei/command.go
index 5d33d41..63467e5 100644
--- a/cmd/hakurei/command.go
+++ b/cmd/hakurei/command.go
@@ -91,7 +91,7 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 flagPrivateRuntime, flagPrivateTmpdir bool
- flagWayland, flagX11, flagDBus, flagPulse bool
+ flagWayland, flagX11, flagDBus, flagPipeWire, flagPulse bool
 )
 c.NewCommand("run", "Configure and start a permissive container", func(args []string) error {
@@ -146,6 +146,9 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 if flagDBus {
 et |= hst.EDBus
 }
+ if flagPipeWire || flagPulse {
+ et |= hst.EPipeWire
+ }
 if flagPulse {
 et |= hst.EPulse
 }
@@ -297,8 +300,10 @@ func buildCommand(ctx context.Context, msg message.Msg, early *earlyHardeningErr
 "Enable direct connection to X11").
 Flag(&flagDBus, "dbus", command.BoolFlag(false),
 "Enable proxied connection to D-Bus").
+ Flag(&flagPipeWire, "pipewire", command.BoolFlag(false),
+ "Enable connection to PipeWire via SecurityContext").
 Flag(&flagPulse, "pulse", command.BoolFlag(false),
- "Enable direct connection to PulseAudio")
+ "Enable PulseAudio compatibility daemon")
 }
 {
diff --git a/cmd/hakurei/command_test.go b/cmd/hakurei/command_test.go
index 82e67f2..4edf4a0 100644
--- a/cmd/hakurei/command_test.go
+++ b/cmd/hakurei/command_test.go
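Review bot: In the enablement hunk (`@@ -146,6 +146,9 @@`), `if flagPipeWire || flagPulse` sets `hst.EPipeWire` whenever `--pulse` is passed, so a caller who asked only for PulseAudio also gets the PipeWire connection, and neither a comment there nor the `--pulse` description in the later `Flag(&flagPulse, ...)` hunk says so. These bits decide which host services the container may reach, so the implication should be recorded where it is made, for example `// --pulse implies PipeWire: the compatibility daemon is served over the PipeWire connection` above the condition (the reason is inferred from the new help text, please confirm). The flag text could read `"Enable PulseAudio compatibility daemon (implies --pipewire)"`, with the help-output test and `dist/comp/_hakurei` updated to match. The test changes visible in this patch only cover the help output; a case asserting that `--pulse` alone yields both `hst.EPipeWire` and `hst.EPulse` would pin the behaviour. The body of buildCommand starts and ends outside these hunks.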
@@ -36,7 +36,7 @@ Commands:
 },
 {
 "run", []string{"run", "-h"}, `
-Usage: hakurei run [-h | --help] [--dbus-config ] [--dbus-system ] [--mpris] [--dbus-log] [--id ] [-a ] [-g ] [-d ] [-u ] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pulse] COMMAND [OPTIONS]
+Usage: hakurei run [-h | --help] [--dbus-config ] [--dbus-system ] [--mpris] [--dbus-log] [--id ] [-a ] [-g ] [-d ] [-u ] [--private-runtime] [--private-tmpdir] [--wayland] [-X] [--dbus] [--pipewire] [--pulse] COMMAND [OPTIONS]
 Flags:
 -X Enable direct connection to X11
@@ -58,12 +58,14 @@ Flags:
 Reverse-DNS style Application identifier, leave empty to inherit instance identifier
 -mpris
 Allow owning MPRIS D-Bus path, has no effect if custom config is available
+ -pipewire
+ Enable connection to PipeWire via SecurityContext
 -private-runtime
 Do not share XDG_RUNTIME_DIR between containers under the same identity
 -private-tmpdir
 Do not share TMPDIR between containers under the same identity
 -pulse
- Enable direct connection to PulseAudio
+ Enable PulseAudio compatibility daemon
 -u string
 Passwd user name within sandbox (default "chronos")
 -wayland
diff --git a/dist/comp/_hakurei b/dist/comp/_hakurei
index d1c7d4f..8230ba4 100644
--- a/dist/comp/_hakurei
+++ b/dist/comp/_hakurei
@@ -17,7 +17,8 @@ _hakurei_run() {
 '--wayland[Enable connection to Wayland via security-context-v1]' \
 '-X[Enable direct connection to X11]' \
 '--dbus[Enable proxied connection to D-Bus]' \
- '--pulse[Enable direct connection to PulseAudio]' \
+ '--pipewire[Enable connection to PipeWire via SecurityContext]' \
+ '--pulse[Enable PulseAudio compatibility daemon]' \
 '--dbus-config[Path to session bus proxy config file]: :_files -g "*.json"' \
 '--dbus-system[Path to system bus proxy config file]: :_files -g "*.json"' \
 '--mpris[Allow owning MPRIS D-Bus path]' \