Public bug reported:
On Ubuntu 26.04 beta with `pipewire 1.5.84-1ubuntu2`, `pipewire-pulse`
crashes when audio playback starts because the systemd sandbox blocks
syscall **459 (`lsm_get_self_attr`)**.
The unit contains:
```
SystemCallArchitectures=native
SystemCallFilter=@system-service
```
When audio starts, the process performs syscall 459 and systemd kills it
with SIGSYS:
```
audit: type=1326 ... comm="pipewire-pulse" syscall=459 sig=31
pipewire-pulse.service: Main process exited, code=killed, status=31/SYS
```
Effect:
* `pipewire-pulse` repeatedly crashes
* GNOME Sound Settings shows no output devices
* restarting the service temporarily restores devices until playback begins.
Workaround:
```
systemctl --user edit pipewire-pulse
```
Override:
```
[Service]
SystemCallFilter=@system-service lsm_get_self_attr
```
After allowing `lsm_get_self_attr`, audio playback works normally and
the service no longer crashes.
It appears the current hardening profile is missing this syscall, which
may now be used by PipeWire or one of its dependencies.
ProblemType: Bug
DistroRelease: Ubuntu 26.04
Package: pipewire 1.5.84-1ubuntu2
ProcVersionSignature: Ubuntu 6.19.0-6.6-generic 6.19.2
Uname: Linux 6.19.0-6-generic x86_64
ApportVersion: 2.33.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: GNOME
Date: Fri Mar 6 18:06:57 2026
InstallationDate: Installed on 2024-04-27 (678 days ago)
InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Release amd64 (20240424)
MachineType: LENOVO 21HRCTO1WW
SourcePackage: pipewire
UpgradeStatus: Upgraded to resolute on 2026-02-04 (31 days ago)
dmi.bios.date: 04/22/2025
dmi.bios.release: 1.35
dmi.bios.vendor: LENOVO
dmi.bios.version: N3XET60W (1.35 )
dmi.board.asset.tag: Not Available
dmi.board.name: 21HRCTO1WW
dmi.board.vendor: LENOVO
dmi.board.version: SDK0K17763 WIN
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 31
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.ec.firmware.release: 1.20
dmi.modalias:
dmi:bvnLENOVO:bvrN3XET60W(1.35):bd04/22/2025:br1.35:efr1.20:svnLENOVO:pn21HRCTO1WW:pvrThinkPadX1YogaGen8:rvnLENOVO:rn21HRCTO1WW:rvrSDK0K17763WIN:cvnLENOVO:ct31:cvrNone:skuLENOVO_MT_21HR_BU_Think_FM_ThinkPadX1YogaGen8:
dmi.product.family: ThinkPad X1 Yoga Gen 8
dmi.product.name: 21HRCTO1WW
dmi.product.sku: LENOVO_MT_21HR_BU_Think_FM_ThinkPad X1 Yoga Gen 8
dmi.product.version: ThinkPad X1 Yoga Gen 8
dmi.sys.vendor: LENOVO
** Affects: pipewire (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug resolute third-party-packages wayland-session
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2143600
Title:
pipewire-pulse.service killed by seccomp (SIGSYS) due to missing
lsm_get_self_attr in SystemCallFilter=@system-service
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pipewire/+bug/2143600/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
