What should I have in my snapcraft.yaml in order to open a pair of pseudoterminal handles? I have experimented a bit with this and the master handle can open successfully, but the slave always return a bad file descriptor.
This used to work (perhaps a month ago) inside a .snap environment, but now no luck.
I looked through the interfaces, and tried a few, but nothing in there seems to fit my purpose…
Technically this should just be possible, the launcher (snap-confine) creates /dev/pts/ptmx by default and you should be able to access it … perhaps @jdstrand has any deeper insight here ?
Ok, so I did some more debugging, thinking that the software code was the issue.
All ran fine outside of the .snap - and caused permission problems inside the .snap.
As it turned out, using the opengl plugin seems to have caused the issues.
Thanks for continuing to push on this and sorry for my late response (holiday, critical snapd issues). For posterity, I will point out that snap-confine sets up a devpts newinstance and adds /dev/tty, /dev/console and /dev/pts/ptmx to the device cgroup when the cgroup is in effect.
You mentioned something about the ‘opengl plugin’-- is this something specific to your application or did you mean to say ‘opengl snapd interface’ (which might indicate a snapd issue)?
Can you supply a small reproducer that demonstrates the issue? A C file or similar source code is fine. Please give the output of ‘snap version’ as well as indicate what distribution you are seeing the problem (eg, Ubuntu Core 16, 16.04 LTS, something else…). With that I can try to track this down.
Ok, this is more of the expanded udev tagging fallout. What is happening is that without connecting opengl, no devices are udev tagged and so no device cgroup is used for the snap. In 2.28+, the opengl interface udev tags a couple of devices and when the interface is connected, the /dev/pts/* slaves are not added to the cgroup. snap-confine needs to add this to the device cgroup unconditionally c 136:* rwm (unconditionally because we use a devpts newinstance, so this is safe).
This can be proven like so:
$ snap run --shell testcase
...$ testcase$SNAP/command-testcase.wrapper
open masterfd: Success
open slavedevice: Operation not permitted
# in another terminal
$ sudo sh -c "echo 'c 136:* rwm' > /sys/fs/cgroup/devices/snap.testcase.testcase/devices.allow"
# in the snap run --shell terminal
...$ $SNAP/command-testcase.wrapper
open masterfd: Success
open slavedevice: Success
We’ll get this fixed up for you. As for workarounds, you can use a devmode snap with core from the beta channel.