In short, @mborzecki’s initial suggestion to add
/dev/nvidia* rwm, does make WebGL work in an Electron snap. If this change didn’t cause security problems and were to be accepted, I could go ahead and publish Polarr to the snap store.
I tried this
and the only denial I got was
Time: Dec 20 14:52:28 Log: apparmor="DENIED" operation="dbus_method_call" bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=7676 label="snap.webgl.webgl" peer_pid=1142 peer_label="unconfined" DBus access = AppArmor = Time: Dec 20 14:52:28 Log: apparmor="DENIED" operation="file_mmap" profile="snap.webgl.webgl" name="/dev/nvidiactl" pid=7807 comm="webgl" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 File: /dev/nvidiactl (mmap) Suggestion: * verify program isn't using an executable stack: https://forum.snapcraft.io/t/snap-and-executable-stacks/1812
which made me think that I did this wrong:
/dev/nvidiactl m, near the end of the file didn’t help, but then I tried
and that gave me WebGL in both the test “webgl” snap and the “polarr” snap in
snap versions both 2.30 and 2.28 whereas they didn’t have WebGL before. I thought that you meant that adding
/dev/nvidiactl m, was a better or more correct way of changing
/dev/nvidia* rw, to
/dev/nvidia* rwm, but I was mistaken and might have saved a lot of time by trying mborzecki’s suggestion first.