snapd

OpenGL interface should udev tag all /dev/fb* files

Bug #1675738 reported by Ara Pulido
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
snapd
Fix Released
High
Gary.Wang

Bug Description

This problem only happens when using this interface and the framebuffer interface in the same snap.

The framebuffer interface udev tags the /dev/fb* devices which causes snap-confine to create a device cgroup and add /dev/fb* to it. The problem comes in because the opengl interface does not currently udev tag any of the devices in /dev, so when the snap is run (or you use 'snap run --shell <snap>) the accessed /dev/* device is not added to the per-snap device cgroup and access is denied.

The OpenGL interface should be made to have all /dev/* files udev tagged just like the framebuffer interface udev tags /dev/fb*.

Revision history for this message
Jim Hodapp (jhodapp) wrote :

Here's a list of existing snapd interfaces that all use device nodes but no udev tagging yet:

alsa: /dev/snd/*
bluez - /dev/rfkill
bluetooth-control - /dev/vhci
camera - /dev/video[0-9]*
fuse-support - /dev/fuse
kernel-module-control: /dev/mem
mir - /dev/input/* and /dev/tty[0-9]* (note, /dev/tty is added unconditionally to the cgroup, so this is for tty#)
modem-manager - /dev/tty[^0-9]* (ie, *not* /dev/tty#, but instead /dev/ttyUSB, etc, etc) and /dev/cdc-*
(modem-manager has udev rules, but not ones that udev tag the devices to the snap)
network-control: /dev/rfkill, /dev/net/tun, /dev/tun[0-9]{,[0-9]*}, /dev/tap[0-9]{,[0-9]*}
network-manager: /dev/rfkill
ofono: /dev/tty[^0-9]*, /dev/cdc-*, /dev/modem*, /dev/dsp, /dev/chnlat11, /dev/socket/rild* (if this is a unix socket, may not be needed), /dev/net/tun
opengl - /dev/dri/card*, /dev/nvidia*, /dev/vchiq
optical-drive: /dev/sr[0-9]*, /dev/scd[0-9]*
ppp - /dev/ppp, /dev/tty[^0-9]*
pulseaudio - /dev/snd/pcm*, /dev/snd/control*, /dev/snd/timer
raw-usb: /dev/bus/usb/[0-9][0-9][0-9]/[0-9][0-9][0-9]
tpm - /dev/tpm0
udisks2 - /dev/sd*, /dev/mmcblk*

Here's a list of interfaces that access device nodes that already use udev tagging:

framebuffer, uhid, serial-port, i2c, time-control, physical-memory-observe, physical-memory-control, io-ports-control, iio, hidraw

So any snap that plugs one of the interfaces from the first list *and* one of the interfaces from the second list is currently broken, so all interfaces in the first list need to be updated to use udev tagging

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Jim is working through who will be assigned to this bug and I'm happy to guide/review the PR.

Changed in snapd:
importance: Undecided → High
status: New → Triaged
Revision history for this message
Chunsang Jeong (chunsang) wrote :

@Ara, please let me know if there's any app I can reproduce/test it better.

I'd just re-snapped mesa-demos and hellogl from snappy-playpen with opengl and framebuffer interfaces, and got error messages below, but couldn't get any screen problem with them.

libGL error: failed to open drm device: Operation not permitted
libGL error: failed to load driver: i965

Revision history for this message
Chunsang Jeong (chunsang) wrote :

@jsdtrand, the short term PR is at https://github.com/snapcore/snapd/pull/3086
Please review and let me know if it needs to be fixed/improved.

Simon Fels (morphis)
summary: - OpenGL interface should udev tag all /dev/* files
+ OpenGL interface should udev tag all /dev/fb* files
Simon Fels (morphis)
Changed in snapd:
status: Triaged → In Progress
Revision history for this message
Chunsang Jeong (chunsang) wrote :

Please check the updated PR below which removed udev tagging from framebuffer interface, as discussed.
https://github.com/snapcore/snapd/pull/3089

Revision history for this message
Kyle Fazzari (kyrofa) wrote :

Note that the in-progress joystick interface (https://github.com/snapcore/snapd/pull/3112) will need to be included in phase 2 as well.

Gary.Wang (gary-wzl77)
Changed in snapd:
assignee: nobody → Gary.Wang (gary-wzl77)
Revision history for this message
Gary.Wang (gary-wzl77) wrote :

A PR for phase 2
https://github.com/snapcore/snapd/pull/3617

And a thread on the forum
https://forum.snapcraft.io/t/udev-backend-in-snapd/1319/3

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

This was fixed in 2.28.

Changed in snapd:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.