Manpages - pw-container.1
NAME
pw-container - The PipeWire container utility
SYNOPSIS
pw-container [/options/] [/PROGRAM/]
DESCRIPTION
Run a program in a new security context [1].
pw-container will create a new temporary unix socket and uses the SecurityContext extension API to create a server on this socket with the given properties. Clients created from this server socket will have the security properties attached to them.
This can be used to simulate the behaviour of Flatpak or other containers.
Without any arguments, pw-container simply creates the new socket and prints the address on stdout. Other PipeWire programs can then be run with PIPEWIRE_REMOTE=<socket-address> to connect through this security context.
When PROGRAM is given, the PIPEWIRE_REMOTE env variable will be set and PROGRAM will be passed to system(). Argument to PROGRAM need to be properly quoted.
OPTIONS
-P | –properties=VALUE
Set extra context properties as a JSON object.
-r | –remote=NAME
The name the remote instance to connect to. If left unspecified, a connection is made to the default PipeWire instance.
-h | –help
Show help.
–version
Show version information.
EXIT STATUS
If the security context was successfully created, pw-container does not exit until terminated with a signal. It exits with status 0 if terminated by SIGINT or SIGTERM in this case.
Otherwise, it exits with nonzero exit status.
EXAMPLES
pw-container 'pw-dump i 0'
Run pw-dump of the Core object. Note the difference in the object permissions when running pw-dump with and without pw-container.
pw-container 'pw-dump pw-dump'
Run pw-dump of itself. Note the difference in the Client security tokens when running pw-dump with and without pw-container.
AUTHORS
The PipeWire Developers <https://gitlab.freedesktop.org/pipewire/pipewire/issues>; PipeWire is available from <https://pipewire.org>
SEE ALSO
[1] https://gitlab.freedesktop.org/wayland/wayland-protocols/-/blob/main/staging/security-context/security-context-v1.xml - Creating a security context