glGetUniformLocation fails in confinement mode

Jamie Strandboge jamie at canonical.com
Mon Jan 30 14:39:11 UTC 2017 

On Mon, 2017-01-30 at 08:47 -0500, Stephen M. Webb wrote:
> On 2017-01-30 01:56 AM, Spencer Parkin wrote:
> > 
> > 
> > I have a program that has successfully snapped and run in confinement mode,
> > but then I added a pixel and vertex shader
> > which works when run on my classic system, but not in strict confinement as
> > a snap.  I've tried to narrow down the
> > earliest fail point, and I believe it is at the point where I'm calling
> > glGetUniformFromLocation.  This is returning -1
> > in confinement mode.  I'm able to read, compile and link my shader program,
> > and bind it, but the first call to
> > glGetUniformFromLocation fails.  Is OpenGL being denied read-access to a
> > portion of protected memory?  If so, it
> > certainly would fail to write there as well with a call to glUniform3f, for
> > example.
> > 
> > I've tried hooking up the snappy-debug's log-observe plug to that of ubuntu
> > core's, then running the scanlog, but the
> > only app-armer denial I get is, I believe, unrelated to the problem.  In any
> > case, I will give it here...
> > 
> > Log: apparmer="DENIED" operation="open"
> > profile="snap.twistypuzzle.twistypuzzle" name="/usr/share/glib-2.0/schemas/"
> > pid=23593 comm="desktop-launch" request_mask="r" denied_mask="r" fsuid=1000
> > ouid=0
> > File: /usr/share/glib-2.0/schemas/ (read)
> That error message is because the launcher program "desktop-launch" can not
> find the gsettings.  I don't know what
> impact that will have (if any) but it's not going to affect how OpenGL works
> internally.
> 
AIUI, the desktop part is doing this as part of its bootstrap to generate what
it needs in ~/snap/SNAP_NAME/SNAP_REVISION and it will only do this the first
time a new revision of the snap is launched. This denial is harmless and should
only happen on classic (since /usr/share/glib-2.0/schemas doesn't exist on
Ubuntu Core).

While harmless, it is also confusing. I'm not super familiar with the desktop
part and wonder how we can improve this. Didier or Seb, would the bootstrapping
process work ok if we allowed read on the /usr/share/glib-2.0/schemas/ directory
in the unity7 (and maybe the x11) transitional classic interfaces?

-- 
Jamie Strandboge             | http://www.canonical.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20170130/e1a13b07/attachment.sig>

More information about the Snapcraft mailing list