internal/outcome: expose pipewire via pipewire-pulse
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
All checks were successful
Test / Create distribution (push) Successful in 28s
Test / Sandbox (push) Successful in 42s
Test / Hakurei (push) Successful in 3m20s
Test / Hpkg (push) Successful in 2m13s
Test / Sandbox (race detector) (push) Successful in 4m25s
Test / Hakurei (race detector) (push) Successful in 3m21s
Test / Flake checks (push) Successful in 1m30s
This no longer exposes the pipewire socket to the container, and instead mediates access via pipewire-pulse. This makes insecure parts of the protocol inaccessible as explained in the doc comment in hst. Closes #29. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -41,9 +41,13 @@ func (s *spPipeWireOp) toSystem(state *outcomeStateSys) error {
|
||||
}
|
||||
|
||||
func (s *spPipeWireOp) toContainer(state *outcomeStateParams) error {
|
||||
if s.CompatServerPath == nil {
|
||||
innerPath := state.runtimeDir.Append(pipewire.PW_DEFAULT_REMOTE)
|
||||
state.env[pipewire.Remote] = innerPath.String()
|
||||
state.params.Bind(state.instancePath().Append("pipewire"), innerPath, 0)
|
||||
}
|
||||
|
||||
// pipewire-pulse behaviour implemented in shim.go
|
||||
state.pipewirePulsePath = s.CompatServerPath
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user