pw-container - Man Page

The PipeWire container utility

Synopsis

pw-container [options] [PROGRAM]

Description

Run a program in a new security context [1].

pw-container will create a new temporary unix socket and uses the SecurityContext extension API to create a server on this socket with the given properties. Clients created from this server socket will have the security properties attached to them.

This can be used to simulate the behaviour of Flatpak or other containers.

Without any arguments, pw-container simply creates the new socket and prints the address on stdout. Other PipeWire programs can then be run with PIPEWIRE_REMOTE=<socket-address> to connect through this security context.

When PROGRAM is given, the PIPEWIRE_REMOTE env variable will be set and PROGRAM will be passed to system(). Argument to PROGRAM need to be properly quoted.

Options

-P | --properties=VALUE

Set extra context properties as a JSON object.

-r | --remote=NAME

The name the remote instance to connect to. If left unspecified, a connection is made to the default PipeWire instance.

-h | --help

Show help.

--version

Show version information.

Exit Status

If the security context was successfully created, pw-container does not exit until terminated with a signal. It exits with status 0 if terminated by SIGINT or SIGTERM in this case.

Otherwise, it exits with nonzero exit status.

Examples

pw-container 'pw-dump i 0'

Run pw-dump of the Core object. Note the difference in the object permissions when running pw-dump with and without pw-container.

pw-container 'pw-dump pw-dump'

Run pw-dump of itself. Note the difference in the Client security tokens when running pw-dump with and without pw-container.

Authors

The PipeWire Developers <https://gitlab.freedesktop.org/pipewire/pipewire/issues>; PipeWire is available from <https://pipewire.org>

See Also

[1] https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/security-context-v1.xml - Creating a security context

Info

1.2.6 PipeWire