The sandbox script can be found at http://gist.github.com/615366, where you can also edit the script.
You need to have PulseAudio server running and listening to TCP traffic so that sound can break out of the sandbox. Verify that you have
load-module module-native-protocol-tcpin your PulseAudio config. Please review the variable settings to ensure that it fits your setup (DIR,XAUTHORITY,PULSECOOKIE). The sandbox is created for the user invoking the script. This user must have sudo capabilities to call the script. Please note that I have not reviewed the script with respect to security, so do not supply it to untrusted users.
(Thanks to geheimdienst@#haskell-blah for pointing me to gist.github.com)