PipeWire 1.2.5
|
The PipeWire container utility
pw-container [options] [PROGRAM]
Run a program in a new security context [1].
pw-container will create a new temporary unix socket and uses the SecurityContext extension API to create a server on this socket with the given properties. Clients created from this server socket will have the security properties attached to them.
This can be used to simulate the behaviour of Flatpak or other containers.
Without any arguments, pw-container simply creates the new socket and prints the address on stdout. Other PipeWire programs can then be run with PIPEWIRE_REMOTE=<socket-address>
to connect through this security context.
When PROGRAM is given, the PIPEWIRE_REMOTE
env variable will be set and PROGRAM will be passed to system(). Argument to PROGRAM need to be properly quoted.
If the security context was successfully created, pw-container does not exit until terminated with a signal. It exits with status 0 if terminated by SIGINT or SIGTERM in this case.
Otherwise, it exits with nonzero exit status.
pw-container 'pw-dump i 0'
Run pw-dump of the Core object. Note the difference in the object permissions when running pw-dump with and without pw-container.
pw-container 'pw-dump pw-dump'
Run pw-dump of itself. Note the difference in the Client security tokens when running pw-dump with and without pw-container.
The PipeWire Developers <https://gitlab.freedesktop.org/pipewire/pipewire/issues>; PipeWire is available from <https://pipewire.org>
[1] https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/security-context-v1.xml - Creating a security context