Running Pulse+Jack+Win under unprivileged user

What other apps and distros do you use to round out your studio?

Moderators: MattKingUSA, khz

Post Reply
mikey187210
Established Member
Posts: 7
Joined: Sun Mar 20, 2016 11:37 am

Running Pulse+Jack+Win under unprivileged user

Post by mikey187210 »

Hello all,

I have a riddle I'm hoping someone can help with. Long story short: I want to run my "studio" as a lesser privileged user, because I run wine and programs I'm not sure I can "trust". I also need to have the general X11 session under my main user, so I can also do normal things in other workspaces.

So for instance:

user: mike.untrusted
-> qjackctl
-> jackd
-> pulseaudio (sinks, sources)
-> wine --> Reaper (with untrusted VSTs)

user: mike
-> browser
-> everything else

I've figured out how to run programs like qjackctl under my main X11 session using "sudo -i --user mike.untrusted -- qjackctl" ... works great. I've also configured pulseaudio to run as a server to 127.0.0.1 (session mode, not system), so the mike.untrusted user can just config ~/.pulse/client.conf to connect to 127.0.0.1 instead of their own session.

The problem happens when the mike.untrusted user starts jack and attempts to issue "pactl load-module module-jack-sink" and sources. Since the pulseaudio client for mike.untrusted is actually just connecting to user "mike" for pulseaudio, mike's pulseaudio is the one attempting to talk back to jack, which was started by mike.untrusted. Therefore mike is denied access to jackd. Jackd must be started by mike.untrusted or else wine->reaper won't be able to access jackd. Blargh!

So perhaps one of two things ... (1) somehow give "safe" ability to user "mike" to access jackd server started by user mike.untrusted ... OR (2)..... perhaps write a little script which will perform various steps, such as:
> Stop pulseaudio for user mike and somehow switch it to client 127.0.0.1 mode
> Stop client pulseaudio for user mike.untrusted and start pulseaudio session server, serving 127.0.0.1
(^^^ This would basically reverse who is the server and client)
> Issue all commands to start qjackctl, wine->reaper, init pulseaudio jack sinks, etc, as user mike.untrusted

I feel like the second option might be more realistic, as I haven't seen anywhere how to allow a connection between users for a jack server.

Does this seem possible / practical? Is there indeed a way to tell a user to go from pulseaudio session server to pulseaudio client, and vice versa?

I'm a bit confused here. All I'd really like to do is use all audio apps under the unprivileged user while being able to use everything else under my normal user. Surely people do this all the time?
Top
Post Reply

Return to “Linux Distributions & Other Software”