Bug 7045 - no audio in Firefox on RHEL 7
Summary: no audio in Firefox on RHEL 7
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Server OS (show other bugs)
Version: 1.3.1
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.9.0
Assignee: Pierre Ossman
URL:
Keywords: prosaic
Depends on:
Blocks:
 
Reported: 2017-09-11 13:20 CEST by Pierre Ossman
Modified: 2017-10-03 16:02 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2017-09-11 13:20:14 CEST
This is a continuation of bug 6993. It seems like there are more things broken by the new lockdown of Firefox, specifically audio.

A quick glance at the SELinux logs suggest the issue is access to the PulseAudio cookie.
Comment 1 Pierre Ossman cendio 2017-09-27 12:24:55 CEST
I experimented a bit and identified the key differences between ThinLinc and a local login:

1. a local login gets the auth cookie via X11, not from disk. We would need to include module-x11-publish to do the same, but it might create requirements on a modern libX11 since it uses the xcb API

2. the pulseaudio socket is located under /var/run, which it is allowed to use (it is tagged usr_tmp_t)
Comment 2 Pierre Ossman cendio 2017-10-02 13:11:05 CEST
Fixing the above is not trivial, and this is only a temporary problem in Firefox that will be resolved once the next ESR is out, so let's see if we can do something more minimal by tweaking our SELinux rules.
Comment 4 Pierre Ossman cendio 2017-10-02 13:42:53 CEST
Found some minimal rules to get things up an running.

Tester should verify that audio in Firefox on RHEL 7 now works out of box, and that there isn't any AVC lines in audit.log
Comment 5 Pierre Ossman cendio 2017-10-03 09:55:20 CEST
No release notes needed as bug 6993 prevented users from reaching this bug.
Comment 6 Karl Mikaelsson cendio 2017-10-03 11:04:23 CEST
I was unable to reproduce this on CentOS 7/tl01.lab.cendio.se with Firefox 52.2, 52.3, nor 52.4.

Tested with thinlinc 4.8.0post-5572, built on Wed 27 Sep 2017 04:15:23.
Comment 7 Karl Mikaelsson cendio 2017-10-03 16:02:05 CEST
(In reply to comment #6)
> I was unable to reproduce this on CentOS 7/tl01.lab.cendio.se with Firefox
> 52.2, 52.3, nor 52.4.
> 
> Tested with thinlinc 4.8.0post-5572, built on Wed 27 Sep 2017 04:15:23.

I was able to reproduce on a RHEL7 system with 4.8.0post-5558. Maybe tl01.lab had been tampered with, patched or used as a development server?

Trying to play a music video through Youtube with Firefox on build 5558 resulted in a warning bar with a hilariously poor translation of what I suspect said "In order to play audio you need the PulseAudio software installed".

After upgrading to build 5578 and starting a new session, I could play audio without warning messages.

Looks fine to me.

Note You need to log in before you can comment on or make changes to this bug.