Hi All,
I am running our app with Zoom Linux SDK v6.1.1 integrated within a Docker container based on our in-house red hat docker image.
For security and compliance reason, we have to run the container as a non-root user and these are errors I am getting:
ALSA lib control.c:1528:(snd_ctl_open_noupdate) Invalid CTL
ALSA lib pcm.c:2664:(snd_pcm_open_noupdate) Unknown PCM
We suspect that the issue is related to missing some unknown permission preventing the Zoom SDK from accessing the pulseaudio system when the container is run as a non-root user (in our case, the user is apiq).
When we run the container as root, the ALSA errors do not occur, and the bot is able to process the audio raw data without any issues.
Could you advise on how we can resolve this issue to process audio raw data while running the container with a non-root user?
For reference, here is the Dockerfile we’re using. The issue can be resolved if we remove the line USER apiq and run the container as root, which is not what we want though.
Dockerfile
FROM sfdc_rhel9:74 AS base
ENV project=eci-realtime-zoom
# Install Dependencies
RUN dnf update \
&& dnf install -y \
ca-certificates \
cmake3 \
gcc \
gcc-c++ \
gdb \
git \
libatomic \
kernel-headers \
dbus-libs \
make \
mesa-libgbm \
mesa-libGL \
glib2 \
glib2-devel \
openssl-devel \
libX11-xcb \
xcb-util-image \
xcb-util-keysyms \
xcb-util-renderutil \
xcb-util-wm \
libXfixes \
perl \
perl-IPC-Cmd \
pkgconf \
tar \
unzip \
zip
# Install ALSA
RUN dnf install -y alsa-lib alsa-utils alsa-plugins-pulseaudio --allowerasing
# Install Pulseaudio
RUN dnf install -y pulseaudio pulseaudio-utils --allowerasing
WORKDIR /opt
RUN git clone --depth 1 https://github.com/Microsoft/vcpkg.git \
&& ./vcpkg/bootstrap-vcpkg.sh -disableMetrics \
&& ln -s /opt/vcpkg/vcpkg /usr/local/bin/vcpkg \
&& vcpkg install poco[netssl,crypto] expat
## Install Tini
## Why Tini? https://github.com/krallin/tini/issues/8
ENV TINI_VERSION v0.19.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
RUN groupadd apiq && useradd -m -u 7447 -g apiq apiq
RUN usermod -aG pulse-access,audio,root apiq
RUN usermod -aG pulse-access,audio root
RUN chmod -R 777 /var && chmod -R 777 /root \
&& mkdir -p /run/user/7447 && chown -R apiq:apiq /run/user/7447
FROM base
WORKDIR /home/apiq/$project
RUN chown -R apiq:apiq /home/apiq/$project/
USER apiq
COPY target/zoomsdk zoomsdk
COPY bin/run.sh run.sh
RUN mkdir -p lib/zoomsdk/qt_libs/Qt/lib
COPY lib/zoomsdk/libmeetingsdk.so.1 lib/zoomsdk/libmeetingsdk.so.1
COPY lib/zoomsdk/qt_libs/Qt/lib lib/zoomsdk/qt_libs/Qt/lib
COPY config.toml config.toml
ENTRYPOINT ["./run.sh"]
run.sh
#!/usr/bin/env bash
BotName=$1
JoinUrl=$2
# directory for application output
mkdir -p out
setup-pulseaudio() {
export XDG_RUNTIME_DIR=/run/user/$(id -u apiq)
# Enable dbus
if [[ ! -d /var/run/dbus ]]; then
mkdir -p /var/run/dbus
dbus-uuidgen > /var/lib/dbus/machine-id
dbus-daemon --config-file=/usr/share/dbus-1/system.conf --print-address
fi
# Cleanup to be "stateless" on startup, otherwise pulseaudio daemon can't start
rm -rf /var/run/pulse /var/lib/pulse /root/.config/pulse/
mkdir -p ~/.config/pulse/ && cp -r /etc/pulse/* "$_"
pulseaudio -D --exit-idle-time=-1 --system --disallow-exit
# Create a virtual speaker output
pactl load-module module-null-sink sink_name=SpeakerOutput
pactl set-default-sink SpeakerOutput
pactl set-default-source SpeakerOutput.monitor
# Make config file
echo -e "[General]\nsystem.audio.type=pulse" > ~/.config/zoomus.conf
}
run() {
# Set up and start pulseaudio
setup-pulseaudio &> /dev/null || exit;
exec ./zoomsdk --display-name $BotName --join-url $JoinUrl
}
run;
exit
Thank you for your assistance.