Manual Review Request for box64-with-gl4es

box64 is a userspace x86_64 emulator for arm64… with a twist. Simply speaking, when it doesn’t emulate x86_64 instructions it attempts to load native versions of libraries the binary requires, enabling higher performance and compatibility.

It is best served as a binfmt.d handler, directly integrating the x86_64 execution support into the OS through a kernel interface. Though this kernel interface isn’t in use directly within the snap yet (no setup procedure right now) it is on the roadmap.

box64 needs access to various system files usually inaccessible to confined apps since the intended usecase is to run applications downloaded from the web, and those apps might require any possible combination of permissions unavailable to strict confinement, including access to either system-wide multiarch x86_64 libraries or some located in an arbitrary sysroot path. As such, I would like to request an exception for classic confinement for box64-with-gl4es.

From what I can see, as per the Process for reviewing classic confinement snaps, box64-with-gles does not appear to fit within one of the supported categories for classic confinement. Also note, that there are many other similar emulator snaps in the snap store (dosbox, scummvm, retroarch) none of which require classic confinement.

As such I do not feel this is appropriate for this snap.

I would like to pick discussions about this right back up, since I now intend to daily-drive my M1 MacBook with Ubuntu Asahi more and more.

The rationale for making it a classically confined app: box64 is not an emulator per se ala dosbox or scummvm, the term ‘interpreter’ is a technical one here. box64 as an interpreter allows to run arbitrary x86_64 binaries on arm64 hardware, much like Rosetta 2 from Apple on macOS. And much like Rosetta 2 it needs to be registered in a classically-confined app for it to allow executing things like OpenArena from the upstream .zip file.

The idea is to register binfmt misc handling using a setup script as part of the Snap, here is an example of how to register the classically confined Snap against x86_64 binaries on arm64:

:x86_64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00:\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/snap/bin/box64-with-gl4es.box64:

This results in x86_64 Linux binaries to be executable on arm64 requiring just the executable bit set for the binary file using chmod +x.

EDIT: Further context

The additional benefit is to run the actual host OSes library set against that interpreter because it hooks AMD64 function calls to arm64 wrappers, hence tricking the system into calling arm64 code. That works today and possibly allows to run on multiple distros supporting classic Snaps. It doesn’t necessarily mean putting “AMD64 on arm64 Linux” into snapd as it is but especially with some apps wanting to ship from “The Internet” it works very well (like the .AppImage’s and regular tarball binary releases).