Can't connect firefox to Pipewire from a container

I run Firefox in a systemd-nspawn container. Before, I would connect the audio via a pipewire-pulse tcp connection. I’m trying to use pure Pipewire for it now, and I don’t know how to do it.

This is what I have done so far:

  1. launch nspawn with -U --bind=“/run/user/1000/pipewire-0:/tmp/pipewire-0” and --setenv=“XDG_RUNTIME_DIR=/tmp”.
    [this creates a r/w mapping to the pipewire socket inside the nspawn container]
  2. launch firefox and play a youtube video, but NO SOUND .

The nspawn container has all the pipewire and alsa packages installed.

I remember there were some authentication issues with pulse audio server setup, so I would imagine there’s a need to authenticate with the Pipewire server somehow?

How do I debug this even? Is there a way to monitor clients trying to connect to a pipewire server to see why they don’t connect? How do I check that firefox inside the container is even trying to connect over the pipewire socket?

What is the output of :

journalctl --user -u pipewire -f
journalctl --user -u pipewire-pulse -f

On your Host machine ?

No output.

Can you try ls -l /run/user/1000/pipewire-0 it should return that it’s a socket.

Also try this in the container ls -l /tmp/pipewire-0 both output’s should match.

1 Like

ls -l /tmp/pipewire-0 is the same except it says nobody nobody, and the host’s one says hostuser hostuser.

If I run nspawn with --private-users=off, then on the guest side I get the pipewire socket as guestuser guestuser.

I remember a while ago if I ran nspawn with the matching username inside the guest, I would be able to have the sound working. But there’s a security issue, the whole point of containerizing is to separate as much as possible. So how do we connect to pipewire as some other username.

1 Like

Not technically the answer I was looking for, but if it works it works :upside_down_face: :fedora:

What I was asking was to see if socket was present :

ls -l /run/user/1000/pipewire-0 srw-rw-rw-. 1 USER USER 0 Jun 17 10:58 /run/user/1000/pipewire-0 where srw would represent socket.

Yes, it’s an ‘srw’, so it’s a socket both in host and guest. What next?

Does anyone know how to connect to pipewire from a different user process?

1 Like

Hey sorry I never go back. I’m caught up in other projects.

Try inside the container:


should return /tmp.

Also, just so I understand what you’re trying to achieve here, You have a systemd-nspawn container and booted and image, then installed Firefox ? Am I right?

If so, a different approach would have been to create the image with firefox so most of these things are handled at build time.


Try to Bind the pipewire ?

sudo systemd-nspawn -U --bind=/run/user/1000/pipewire-0:/tmp/pipewire-0 --setenv=XDG_RUNTIME_DIR=/tmp <other-options> <container-name>

The solution is super easy. Thanks to Pipewire devs!

It turns out that Firefox does NOT use Pipewire for sound. Firefox uses Pulseaudio for sound.

The configuration is simple using a UNIX socket (not TCP). Everyone with Pipewire on Fedora should have a pipewire-pulse service and socket. That socket, as seen from the systemd’s pipewire-pulse.socket config is in /run/user/1000/pulse/native. So, you bind that to an nspawn container, i.e. --bind="/run/user/1000/pulse/native:/tmp/pulsesocket" --setenv="PULSE_SERVER=/tmp/pulsesocket", and I have Firefox playing sound.

1 Like

Have you considered building your images the mounting them with systemd-nspawn afterwards?

I’m sorry, I don’t understand. What images?

Well, When you are running systemd-nspawn -Db <an image/a distro/my own install> what are you booting into? You have an image predefined or did you install a distro into a container, and then install software into said container?

What was your process ?

What I am saying is there are many things you can do to ease this setup.

Ohhh, I don’t boot from an image. I install into a folder and systemd-nspawn -D folder afterwards. You can wrap that into an image outside of nspawn.

Ok that makes sense. That’s what I used to do many moons ago, also what I do if I need to have a sandbox_web_t context