When I launch a web browser in a systemd-nspawn container, playerctl commands don't work to play and pause multimedia, though they work for browsers outside of the container. Is there an environment variable or directory binding that I might be missing to allow playerctl to interact with applications in a chroot or container?
1 Answer
playerctl contacts your music players through the D-Bus session bus[1] which is accessed through a Unix socket. Typically there's one per UID, and its address is expected to be found in DBUS_SESSION_BUS_ADDRESS.
It might be possible to bind the bus socket into the container, so that the web browser could connect to it, but I would not recommend doing so: there are many services available on your session bus that a malicious program could abuse (e.g. asking gnome-shell to eval() arbitrary JavaScript code).
The Flatpak sandboxing system (which uses namespace-based containers just like nspawn does) provides a generic D-Bus proxy which can be configured to only allow specific bus "service names" to be contacted by the sandboxed app (or owned by it). I would recommend running your web browser through Flatpak if you want to sandbox it.
If that's not possible, then manually set up xdg-dbus-proxy to let the nspawn container own the necessary org.mpris.MediaPlayer2.chromium.* service names without letting it talk to your entire desktop environment.
[1] Not to be confused with the system bus.
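The xdg-dbus-proxy setup described in the answer above could look like the following. This is an added example, not part of the original answer. The socket paths, the `run` helper and the `DRY_RUN` switch are assumptions made for illustration, and the container user is assumed to have the same numeric UID as the host user so that D-Bus authentication through the proxy succeeds.

```shell
#!/bin/sh
# Added example: expose only a filtered D-Bus proxy socket to an nspawn container.
# Paths below are hypothetical; adjust them to your setup.
PROXY_SOCK="${PROXY_SOCK:-${XDG_RUNTIME_DIR:-/tmp}/mpris-proxy-bus}"  # host side
GUEST_SOCK="/run/mpris-proxy-bus"                                     # inside the container
MPRIS_NAMES='org.mpris.MediaPlayer2.chromium.*'   # name pattern taken from the answer

# With DRY_RUN set, print the command line instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Start the filtered proxy in the user session.
# --filter switches the proxy to default-deny; --own lets the client own the
# MPRIS names (and be called on them) and nothing else on the session bus.
start_proxy() {
    bus="${1:-}"
    if [ -z "$bus" ]; then
        echo "session bus address is empty (DBUS_SESSION_BUS_ADDRESS unset?)" >&2
        return 1
    fi
    run xdg-dbus-proxy "$bus" "$PROXY_SOCK" --filter "--own=$MPRIS_NAMES"
}

# Start the container with only the proxy socket bound in; the real session
# bus socket is never made visible inside it. Extra arguments are passed on.
start_container() {
    dir="$1"; shift
    run systemd-nspawn -D "$dir" \
        "--bind=$PROXY_SOCK:$GUEST_SOCK" \
        "--setenv=DBUS_SESSION_BUS_ADDRESS=unix:path=$GUEST_SOCK" "$@"
}

# Usage: script proxy            (as your desktop user, keeps running)
#        script container DIR    (as root, with PROXY_SOCK pointing at the same socket)
case "${1:-}" in
    proxy)     start_proxy "${DBUS_SESSION_BUS_ADDRESS:-}" ;;
    container) shift; start_container "$@" ;;
esac
```

Adding `--log` to the proxy options makes it print the messages it filters, which helps when deciding whether a further `--talk=` or `--own=` rule is really needed.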