snapd icon indicating copy to clipboard operation
snapd copied to clipboard
verified publisher icon snapcore

interfaces/builtin: add Vulkan and Asahi GPU support to OpenGL interface

Open Uhm-why opened this issue 2 months ago • 3 comments

This patch adds comprehensive Vulkan loader support and Apple Asahi GPU driver support to the OpenGL snap interface.

Changes:

  • Add /etc/vulkan/* paths for Vulkan ICD/layer enumeration
  • Add /usr/share/vulkan/* paths for Mesa Vulkan drivers (not just Nvidia)
  • Add Asahi GPU sysfs paths for Apple Silicon hardware

The Vulkan loader checks /etc/vulkan/ and /usr/share/vulkan/ directories for ICD and layer configuration files. The current OpenGL interface only allows Nvidia-specific Vulkan paths, causing AppArmor denials on systems using Mesa drivers.

This patch eliminates these AppArmor denials and allows proper Vulkan driver enumeration on Ubuntu Asahi and other Mesa-based systems.

Note: On Ubuntu Asahi (Apple Silicon), applications may still experience graphics issues due to Asahi Vulkan driver immaturity. However, this patch removes unnecessary AppArmor noise and is a prerequisite for proper GPU support once the Asahi Vulkan driver matures.

Tested on:

  • Hardware: Apple MacBook Pro M2
  • OS: Ubuntu 25.04 (Asahi kernel 6.16.0)
  • GPU: Apple M2 (G14G) with Asahi DRM driver
  • Mesa: 25.1.0

Before patch: AppArmor denials for Vulkan paths After patch: No Vulkan-related AppArmor denials

Thanks for helping us make a better snapd! Have you signed the license agreement and read the contribution guide?

Uhm-why avatar Oct 26 '25 08:10 Uhm-why

I thought it would be important to note that I used Claude AI for portions of troubleshooting this. I kept running into issues getting snapcraft to work and decided to use it to help me come up with a way to make it work.

Hopefully, this doesn't nullify my pull request since it is an important improvement in my ultimate goal of making Apple Silicon a first-class snapd citizen. I am going down the chain of various involved software and creating pull requests to hopefully fix these graphical issues that make the snap store on Ubuntu unusable on Apple M-chips.

Uhm-why avatar Oct 26 '25 08:10 Uhm-why

Thanks for the question @bboozzoo! I'm currently at work but will update the PR tonight. Here's how this works:

On Ubuntu Asahi systems:

  • Mesa 24.x+ with Asahi DRM driver is installed on the host (/usr/lib/dri/asahi_dri.so)
  • The Asahi GPU creates DRM device nodes at /sys/devices/platform/soc/[0-9a-f]*/[0-9a-f]*:gpu/drm/*

The issue: Confined snaps use the host's Mesa drivers through the opengl interface, but the current AppArmor rules don't include the Asahi-specific device paths. This prevents snaps from accessing the DRM device nodes needed to communicate with the GPU.

What this PR does: Adds the Asahi device paths to the opengl interface's AppArmor rules, allowing confined snaps to access the DRM device nodes and use the host's Asahi Mesa drivers.

Based on your feedback, I'll update the PR tonight to:

  • Remove the /etc/vulkan/* paths (not needed)
  • Remove the /usr/share/vulkan/* paths (provided by mesa runtime)
  • Keep only the essential Asahi DRM device paths in /sys/devices/platform/soc/*

Let me know if this explanation makes sense!

Uhm-why avatar Oct 28 '25 21:10 Uhm-why

@bboozzoo I have removed the lines of code that you pointed out and verified that it still works as it should.

Uhm-why avatar Oct 29 '25 09:10 Uhm-why