Why SYS_ADMIN on jibri?

[vkruoso]

Can you clarify why this capability is needed? Could not find any information about it in the docs or past issues here.

[saghul]

It's due to the Chrome sandbox IIRC. You can remove the capability and watch it fail...

[vkruoso]

Thanks for the info @saghul. What is IIRC? Could not find very good docs online.

Can you share details on how it would fail? Would it simply not start, or it would eventually fail in some other condition? I ask because we are running it without the capability without any problems in the past days.

[saghul]

IIRC: If I recall Correctly 😅 Chrome will fail to start with some problem related to the dev port allocation. I may be wrong, but it'd be best to re-evaluate, so go ahead and remove it, then try to start it.

[vkruoso]

At least in the latest version (not sure if the change to pulse audio has any effect on this) I can confirm it is starting and recording normally. Will report any issues if they arise.

PS. sorry for missing the IIRC shorthand. Thought it was a Chrome component! 🤷‍♂️

[saghul]

Thought it was a Chrome component! 🤷‍♂️

Hehe. Also try to rebuild the container with Chromium (there is a build arg for it) just in case it's different.