Chromium snap doesn't work with the nvidia proprietary driver

It’s been reported that the chromium snap in the stable channel doesn’t launch when using the nvidia proprietary driver.

With @popey’s help, we determined that prepending $SNAP/usr/lib/$ARCH/mesa[-egl] to LD_LIBRARY_PATH instead of appending it (like the snapcraft desktop helpers do) seems to fix the issue, and doesn’t regress on intel hardware.

The following patch seems to “fix” the snap:

— bin/chromium-browser.launcher.orig 2017-08-23 17:38:49.944305430 +0000 +++ bin/chromium-browser.launcher 2017-08-23 17:04:04.351647498 +0000 @@ -1,3 +1,7 @@ -#!/bin/sh +#!/bin/bash +ARCH=“x86_64-linux-gnu” +export LD_LIBRARY_PATH=$SNAP/usr/lib/$ARCH/mesa:$LD_LIBRARY_PATH +export LD_LIBRARY_PATH=$SNAP/usr/lib/$ARCH/mesa-egl:$LD_LIBRARY_PATH exec “$SNAP/usr/lib/chromium-browser/chromium-browser” --no-default-browser-check --no-first-run “$@”

We can of course go with this as a temporary fix, but it looks like there is a more general issue, and presumably all snaps using GL with nvidia proprietary drivers are affected. Thoughts?

1 Like

It appears that this “patch” doesn’t really cut it. It allows the app to launch, but on nvidia hardware there’s no actual hardware accelerated rendering.

The output i get after running snap chromium:

[syntist@archlinux ~]$ snap run chromium
Gtk-Message: Failed to load module "canberra-gtk-module"
Gtk-Message: Failed to load module "canberra-gtk-module"
*** stack smashing detected ***: /snap/chromium/13/usr/lib/chromium-browser/chromium-browser --type=gpu-process --field-trial-handle=8901359833124321572,13229261675299195811,131072 --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,27,84 --disable-gl-extensions=GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent --disable-accelerated-video-decode --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor=ES --gpu-driver-version=2.0 --gpu-driver-date --service-request-channel-token=EF50BC036D5707D15A96119D2892AF3E terminated
Received signal 6
Received signal 11 <unknown> 000000000000
*** stack smashing detected ***: /snap/chromium/13/usr/lib/chromium-browser/chromium-browser --type=gpu-process --field-trial-handle=8901359833124321572,13229261675299195811,131072 --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,27,84 --disable-gl-extensions=GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent --disable-accelerated-video-decode --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor=ES --gpu-driver-version=2.0 --gpu-driver-date --service-request-channel-token=F71794085FEE6E681DA9DBA5E9D55242 terminated
Received signal 6
Received signal 11 <unknown> 000000000000
*** stack smashing detected ***: /snap/chromium/13/usr/lib/chromium-browser/chromium-browser --type=gpu-process --field-trial-handle=8901359833124321572,13229261675299195811,131072 --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,27,84 --disable-gl-extensions=GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent --disable-accelerated-video-decode --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor=ES --gpu-driver-version=2.0 --gpu-driver-date --service-request-channel-token=26F51E679E546DD2ECE9FF1C2C68FDCB terminated
Received signal 6
Received signal 11 <unknown> 000000000000
*** stack smashing detected ***: /snap/chromium/13/usr/lib/chromium-browser/chromium-browser --type=gpu-process --field-trial-handle=8901359833124321572,13229261675299195811,131072 --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,27,84 --disable-gl-extensions=GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent --disable-accelerated-video-decode --gpu-vendor-id=0x0000 --gpu-device-id=0x0000 --gpu-driver-vendor=ES --gpu-driver-version=2.0 --gpu-driver-date --service-request-channel-token=C8417BB3294753858003C588E51CCDD1 terminated
Received signal 6
Received signal 11 <unknown> 000000000000

and no HW Acceleration as you mentioned.

this might be affecting a tester of the gnome-twitch snap: Call for Testing: Gnome Twitch

I’ve tested this on my desktop with nvidia. Using the nouveau driver chromium had hardware accelerated graphics. However with the nvidia binary driver it was software rendering. The patch to chromium-browser.launcher didn’t help.

I have renamed the title of that thread because the problem doesn’t appear to be related to the desktop helpers after all.

With the precious help of @ogra and @popey, we determined that what is causing the startup problem is:

stat("/dev/nvidia0", 0x7fd7ffffdb10) = -1 EPERM (Operation not permitted)
mknod("/dev/nvidia0", S_IFCHR|0666, makedev(195, 0) <unfinished ...>
+++ killed by SIGSYS +++

Inside a snap shell for that snap, this is what can be seen:

alan@hal:/home/alan$ ls -l /dev/nvidia0
crw-rw-rw- 1 root root 195, 0 Aug 26 10:47 /dev/nvidia0

alan@hal:/home/alan$ stat /dev/nvidia0
  File: '/dev/nvidia0'
  Size: 0         	Blocks: 0          IO Block: 4096   character special file
Device: 6h/6d	Inode: 24807       Links: 1     Device type: c3,0
Access: (0666/crw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2017-08-26 10:47:03.620673772 +0100
Modify: 2017-08-26 10:47:03.620673772 +0100
Change: 2017-08-26 10:47:03.620673772 +0100
 Birth: -

What is the output of snap version?

What is the output of snap interfaces?

Are there any security denials (besides the mknod) in syslog?

Does /etc/udev/rules.d/70-snap.chromium.rules (or similar) exist? What are its contents?

I suspect that this has to do with the devices cgroup and using an interface that triggers its use where the opengl interface isn’t using it. If that is the case, this will be fixed in 2.28.

$ snap version
snap    2.27.5
snapd   2.27.5
series  16
ubuntu  16.04
kernel  4.10.0-32-generic

snap interfaces - http://paste.ubuntu.com/25444683/

dmesg - http://paste.ubuntu.com/25444059/

alan@hal:~$ ls -l  /etc/udev/rules.d/70-snap.chromium.rules 
ls: cannot access '/etc/udev/rules.d/70-snap.chromium.rules': No such file or directory

This has denials for /proc/vmstat but your snapd version is 2.27.5, which has a fix for that. Can you uninstall/install chromium, then try again and list only denials that appear after you start chromium?

Also, it would be best if you used ‘journalctl | grep audit’ instead of dmesg.

This coupled with using 2.27.5 indicates it shouldn’t be the device cgroup.

Ok, uninstalled and reinstalled chromium, ran chromium while talking the journal.

Sep 02 15:56:34 hal audit[29858]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/2462/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=29858 comm="apparmor_parser"
Sep 02 15:56:34 hal kernel: audit: type=1400 audit(1504364194.366:1745): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/snap/core/2462/usr/lib/snapd/snap-confine//mount-namespace-capture-helper" pid=29858 comm="apparmor_parser"
Sep 02 15:56:34 hal audit[29860]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.core.hook.configure" pid=29860 comm="apparmor_parser"
Sep 02 15:56:34 hal kernel: audit: type=1400 audit(1504364194.370:1746): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="snap.core.hook.configure" pid=29860 comm="apparmor_parser"
Sep 02 15:58:03 hal audit[2403]: USER_AVC pid=2403 uid=106 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=30030 label="snap.chromium.chromium" peer_pid=3057 peer_label="unconfined"
Sep 02 15:58:03 hal kernel: audit: type=1107 audit(1504364283.229:1747): pid=2403 uid=106 auid=4294967295 ses=4294967295 msg='apparmor="DENIED" operation="dbus_method_call"  bus="system" path="/" interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" mask="send" name="org.bluez" pid=30030 label="snap.chromium.chromium" peer_pid=3057 peer_label="unconfined"
Sep 02 15:58:04 hal audit[30294]: SECCOMP auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=30294 comm="SGI_video_sync" exe="/snap/chromium/9/usr/lib/chromium-browser/chromium-browser" sig=31 arch=c000003e syscall=133 compat=0 ip=0x7f81644c0cad code=0x0
Sep 02 15:58:04 hal kernel: audit: type=1326 audit(1504364284.905:1748): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=30294 comm="SGI_video_sync" exe="/snap/chromium/9/usr/lib/chromium-browser/chromium-browser" sig=31 arch=c000003e syscall=133 compat=0 ip=0x7f81644c0cad code=0x0