snapd
snapd copied to clipboard
snapcore
snap-confine: add WSL2 GPU support to strict confinement
- Add WSL knowledge to
snap-confine - Add
/var/lib/snapd/lib/wsl/access permissions toopenglinterface - Add
/var/lib/snapd/lib/wsl/libtoSNAP_LIBRARY_PATHenvironment variable insnapenv
Signed-off-by: Dani Llewellyn [email protected]
To test this you should have a kernel with apparmor patches added that the MS kernel doesn't carry and systemd obviously need to be operating. I've automated the install with a script at https://github.com/diddledani/one-script-wsl2-systemd. Run it in Windows PowerShell with:
./install.ps1 -NoGPG -Distro Ubuntu
The full synopsis is:
./install.ps1 [-NoGPG] [-NoKernel] [-Distro <distro name>]
The kernel I'm using, and is installed by the above script, is available at https://github.com/diddlesnaps/WSL2-Linux-Kernel/releases/tag/linux-msft-snapd-5.10.102.1
I've updated this PR to match changes in PR #11786.
Thanks, Dani! I had a quick look and this looks good to me -- I'll give it a bit more time once you remove the "draft" status.
There are a few things we could do better around SC_LIB (like defining it in a common header) and have a helper method to do the mkdir+chmod steps, but it's all stuff that you inherited from the nvidia module, so it doesn't need to be addressed here. I'll see if I can quickly create a PR to address these issues independently from your changes, so that you could then rebase your work on top of it.
Codecov Report
Merging #11785 (e3e1b3a) into master (6367fca) will increase coverage by
0.00%. The diff coverage is100.00%.
@@ Coverage Diff @@
## master #11785 +/- ##
=======================================
Coverage 78.21% 78.21%
=======================================
Files 954 954
Lines 112401 112394 -7
=======================================
- Hits 87909 87904 -5
- Misses 18971 18974 +3
+ Partials 5521 5516 -5
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 78.21% <100.00%> (+<0.01%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
| Impacted Files | Coverage Δ | |
|---|---|---|
| interfaces/builtin/opengl.go | 100.00% <ø> (ø) |
|
| snap/snapenv/snapenv.go | 100.00% <100.00%> (ø) |
|
| interfaces/builtin/posix_mq.go | 83.52% <0.00%> (-3.37%) |
:arrow_down: |
| seed/seed20.go | 85.68% <0.00%> (-0.38%) |
:arrow_down: |
| overlord/ifacestate/handlers.go | 65.02% <0.00%> (+0.14%) |
:arrow_up: |
| overlord/ifacestate/helpers.go | 76.52% <0.00%> (+0.46%) |
:arrow_up: |
| cmd/snap/cmd_aliases.go | 91.54% <0.00%> (+1.40%) |
:arrow_up: |
| store/cache.go | 71.15% <0.00%> (+1.92%) |
:arrow_up: |
:mega: Codecov can now indicate which changes are the most critical in Pull Requests. Learn more
I can't build this locally to get a version to test because every method of building via snapcraft is failing. i.e. these all fail with errors unrelated to snapd code:
-
snapcraft --use-lxd -
snapcraft# using multipass -
snapcraft remote-build
All instances were using Snapcraft 4.x from the Snap Store.
ok, I retried remote-build and succeeded to get a snap built (I didn't switch back to latest/stable channel correctly before so Snapcraft was still on 4.x/stable). I'll test this on WSL2 on Sunday or Monday depending on what time I can make available...
ok, I've tested, found a bug, fixed the bug (missing snap-confine apparmor rules to allow the bind mount, and pushed the fixed version. I think we're good to go now.
that last commit was to fix spread tests - I had missed that the SNAP_LIBRARY_PATH was being tested in tests/main/snap-env/task.yaml
I'm unsure whether the 8 failing tests are a result of my changes, transient errors, or are they anything I can or need to fix for this PR?
I'm unsure whether the 8 failing tests are a result of my changes, transient errors, or are they anything I can or need to fix for this PR?
Thanks a bunch for this PR! Sadly we have some flakyness (we are working on it!) in some tests, I re-run some the failing ones and then can have a look at the individual ones.
