/dev/dri/card0 only available to root on Core
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
snapd |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
/dev/dri/card0 is for applications wanting to use GPU acceleration.
On desktops, this device node is owned by root, is member of the video group, and has ACLs with more granular access patterns:
$ getfacl /dev/dri/card0
getfacl: Removing leading '/' from absolute path names
# file: dev/dri/card0
# owner: root
# group: video
user::rw-
user:gerry:rw-
group::rw-
mask::rw-
other::---
I believe the "user" ACL is set by the login manager gdm, so that applications run as the user ("gerry" in this case) can use the GPU. (note, the user is not typically part of the video group.)
On Ubuntu Core, /dev/dri/card0 is owned by root and member of video group, but that is all. This is very limiting.
My use-case is running mir-kiosk (as root, which is fine), and then running a GUI application as $USER, but it being able to instrument the GPU. Example is Xwayland, needed to allow X11 applications to render on top of mir-kiosk. Xwayland needs to read/write to /dev/dri/card0.
Can there be some permissions change to allow non-root applications read /dev/dri/card0? Something like the opengl interface adding the $USER to the "video" group?
summary: |
- /dev/dri/card0 only available to root + /dev/dri/card0 only available to root on Core |
Changed in snapd: | |
status: | New → Confirmed |