From 94b5f48d0b35b6417ee90e2cac85e86cf84863f7 Mon Sep 17 00:00:00 2001 From: enricobuehler Date: Sat, 4 Jul 2026 08:59:11 +0000 Subject: [PATCH] fix(flatpak): expose native PipeWire socket so client audio works MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Linux client speaks the native PipeWire protocol (audio.rs `pw connect`), but the manifest granted only --socket=pulseaudio, so the sandbox had just `pulse/native` and no `pipewire-0`. Playback + mic both died with "pw connect (is PipeWire running in this session?)" — reproduced live on a Steam Deck in Gaming Mode (no client audio node ever appeared). Add --socket=pipewire (canonical) + --filesystem=xdg-run/pipewire-0 (portable bind of the same socket). Validated on-Deck via a `flatpak override --filesystem=xdg-run/pipewire-0`: pipewire-0 then appears in the sandbox and the client registers its "punktfunk-client" PipeWire node with no pw-connect error. Co-Authored-By: Claude Opus 4.8 (1M context) --- packaging/flatpak/io.unom.Punktfunk.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/packaging/flatpak/io.unom.Punktfunk.yml b/packaging/flatpak/io.unom.Punktfunk.yml index 2eb3e9f..03acf5d 100644 --- a/packaging/flatpak/io.unom.Punktfunk.yml +++ b/packaging/flatpak/io.unom.Punktfunk.yml @@ -64,10 +64,17 @@ finish-args: # does not apply. - --device=all - --filesystem=/run/udev:ro # SDL/HIDAPI enumerates devices via udev - # --- audio: PipeWire via its PulseAudio shim — covers playback AND mic uplink. SteamOS - # exposes PipeWire-pulse here; --socket=pulseaudio is the portable arg Moonlight/chiaki - # also use on the Deck (a bare --socket=pipewire would also need the camera/portal dance - # for capture; the pulse shim gives mic + speaker in one grant). --- + # --- audio: the client speaks the NATIVE PipeWire protocol (audio.rs `pw connect`), NOT the + # PulseAudio shim — so it needs the real `pipewire-0` socket in the sandbox. With only + # --socket=pulseaudio the sandbox has just `pulse/native`, no `pipewire-0`, and playback + + # mic both die with "pw connect (is PipeWire running in this session?)" (observed live on the + # Deck in Gaming Mode). --socket=pipewire is the canonical grant; --filesystem=xdg-run/ + # pipewire-0 binds the same socket portably (validated on-Deck: it makes pipewire-0 appear in + # the sandbox where --socket=pipewire's CLI validation was flaky). Neither needs the + # camera/portal dance (that's only for camera nodes). --socket=pulseaudio stays as a fallback + # for any pulse-only path. --- + - --socket=pipewire + - --filesystem=xdg-run/pipewire-0 - --socket=pulseaudio # --- network: QUIC control + UDP data plane + mDNS discovery (_punktfunk._udp) --- - --share=network