I’ve been working on our snaps again and there are a few improvements in progress. One part of this is that I’ve added a login-session-control interface to snapd that will allow Mir servers in snaps to negotiate access to the display with logind.
As part of the same work I’ve enabled running the mir-test-tools on the desktop (via Mir-on-X).
mir-test-tools
Until this update, it was necessary to give the tools root and run using a command like:
sudo snap run mir-test-tools.smoke-test
This still works and tests Mir running as root and taking control of a virtual terminal. That’s a bit impolite on a desktop system and Mir supports two other modes of operation. One of these is running on an existing X server.
With this week’s update, that’s available with the test-tools snap:
snap run mir-test-tools.smoke-test
egmde-confined-desktop revisited
The third option (as mentioned above) is for the user to log in (either via the greeter or on a VT) and for Mir to negotiate access to the hardware with logind. That’s the point of my new snapd interface. It is not available yet for the mir-test-tools but it is possible to experiment with the egmde-confined-desktop snap.
It’s been some time since I wrote about this experiment in confining a “desktop” mir server, it is a proof-of-concept used to explore the issues that come up with using snap confinement for a display server.
I’m going to describe using some cutting edge changes to snapd. This means:
- You’ll need to install the
edgeversion of snapd to follow along; and, - I cannot upload the changes the the
egmde-confined-desktopsnap to the store (yet).
First refresh (or install) snapd to edge:
snap refresh --edge snapd
The experimental build is on launchpad:
https://code.launchpad.net/~alan-griffiths/+snap/egmde-confined-desktop.logind-session-control
Find the latest build of your architecture (probably “amd64”) and download the .snap file.
To install the snap and enable the new options type a couple more incantations to set things up::
sudo snap install --dangerous ~/Downloads/egmde-confined-desktop*.snap
sudo snap connect egmde-confined-desktop:login-session-control :login-session-control
sudo cp /snap/egmde-confined-desktop/current/usr/share/wayland-sessions/egmde-confined-desktop.desktop /usr/share/wayland-sessions/
(Yes I know this is a bit janky, the point of trying this is see what problems arise.)
Running the new egmde-confined-desktop
After this you will be able to use the confined egmde desktop in two new ways:
- Running as a Mir-on-X11 window on your desktop:
egmde-confined-desktop; and, - Reboot and select “egmde (confined)” from the “gears” menu on the login screen
You will be running under snap confinement, and that is the minimum needed for the example. You can’t access your own files or the programs you have installed on the system.
You can only use the sample applications in the snap. This snap doesn’t contain a curated list of applications to support a particular task, it just contains a few examples that I knew worked with Wayland (using gtk, Qt and SDL2).
I’ll leave it to the interested reader to imagine how a desktop (and applications) that cannot mess with your system (because it is a confined snap) can be useful. Here are a few screenshots to inspire you…
