Not exporting `LD_LIBRARY_PATH` in desktop helpers when using classic confinement

snapcraft
1

I am currently working on the feature to allow for correct functioning of classic confined snaps made out of prebuilt binaries to work across the board (and in the future also allow for building with a newer libc6 than what the target base has, such as working on 17.10 but targeting base 16).

I’ve been doing some experimenting across the known snaps I have that are classically confined; aside from an issue we are still solving related to binaries built with go, everything seems to be working fine. The most complex project I tried was visual studio code by applying this diff:

=== removed file 'electron-launch'
--- electron-launch	2017-09-04 13:56:37 +0000
+++ electron-launch	1970-01-01 00:00:00 +0000
@@ -1,28 +0,0 @@
-#!/bin/sh
-
-if test "$1" = "classic"; then
-    shift
-    case $SNAP_ARCH in
-        amd64)
-            TRIPLET="x86_64-linux-gnu"
-            ;;
-        armhf)
-            TRIPLET="arm-linux-gnueabihf"
-            ;;
-        arm64)
-            TRIPLET="aarch64-linux-gnu"
-            ;;
-        *)
-            TRIPLET="$(uname -p)-linux-gnu"
-            ;;
-    esac
-
-    export LD_LIBRARY_PATH=$SNAP/usr/lib:$SNAP/usr/lib/$TRIPLET:$LD_LIBRARY_PATH
-    export LD_LIBRARY_PATH=$SNAP/lib:$SNAP/lib/$TRIPLET:$LD_LIBRARY_PATH
-fi
-
-# Correct the TMPDIR path for Chromium Framework/Electron to ensure
-# libappindicator has readable resources.
-export TMPDIR=$XDG_RUNTIME_DIR
-
-exec ${SNAP}/bin/desktop-launch $@

=== modified file 'snap/snapcraft.yaml'
--- snap/snapcraft.yaml	2017-12-11 16:05:04 +0000
+++ snap/snapcraft.yaml	2017-12-12 20:56:46 +0000
@@ -33,17 +33,8 @@
       - libxtst6
     prime:
       - -usr/share/dh-python
-  electron-launch:
-    plugin: dump
-    source: .
-    organize:
-      electron-launch: bin/electron-launch
-    prime:
-      - -monitor.sh
-      - -OLD_VERSION
-      - -*.bz2
 
 apps:
   vscode:
-    command: bin/electron-launch classic ${SNAP}/usr/share/code/bin/code
+    command: usr/share/code/bin/code
     desktop: usr/share/applications/code.desktop

I just went ahead and got rid of using the desktop-launcher completely, but I would like to keep using it as it ensures that things like the XDG_RUNTIME_DIR exist (among other things it may do). For that LD_LIBRARY_PATH exports needs to go so the launched program doesn’t force whatever it runs into using libraries it might not work with.

The other thing I have not looked into (not even sure it is supported) is classic confined snaps using the content interface. If that is supported we might need to come up with a plan for this to work.

Here’s some command output for illustration purposes:

sergiusens@mirkwood:~/source/snapcraft$ [ -z "$LD_LIBRARY_PATH" ] && echo 'LD_LIBRARY_PATH is not set'
LD_LIBRARY_PATH is not set
sergiusens@mirkwood:~/source/snapcraft$ /snap/snapcraft/current/bin/patchelf --print-interpreter /snap/vscode/current/usr/share/code/code
/snap/core/current/lib/x86_64-linux-gnu/ld-2.23.so
sergiusens@mirkwood:~/source/snapcraft$ /snap/core/current/lib/x86_64-linux-gnu/ld-2.23.so --list /snap/vscode/current/usr/share/code/code
	linux-vdso.so.1 =>  (0x00007fff2e781000)
	libnode.so => /snap/vscode/current/usr/share/code/libnode.so (0x00007f25ac1fd000)
	libpthread.so.0 => /snap/core/current/lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f25abfe0000)
	libgtk-x11-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0 (0x00007f25ab970000)
	libgdk-x11-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgdk-x11-2.0.so.0 (0x00007f25ab6b3000)
	libpangocairo-1.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libpangocairo-1.0.so.0 (0x00007f25ab4a4000)
	libatk-1.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libatk-1.0.so.0 (0x00007f25ab27c000)
	libcairo.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libcairo.so.2 (0x00007f25aaf63000)
	libgdk_pixbuf-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgdk_pixbuf-2.0.so.0 (0x00007f25aad3f000)
	libgio-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgio-2.0.so.0 (0x00007f25aa9a4000)
	libpango-1.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libpango-1.0.so.0 (0x00007f25aa754000)
	libgobject-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgobject-2.0.so.0 (0x00007f25aa4fd000)
	libfreetype.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libfreetype.so.6 (0x00007f25aa250000)
	libfontconfig.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libfontconfig.so.1 (0x00007f25aa00b000)
	libdbus-1.so.3 => /snap/core/current/lib/x86_64-linux-gnu/libdbus-1.so.3 (0x00007f25a9dbf000)
	libX11-xcb.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libX11-xcb.so.1 (0x00007f25a9bbc000)
	libxcb.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libxcb.so.1 (0x00007f25a9996000)
	libXi.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXi.so.6 (0x00007f25a9785000)
	libXcursor.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXcursor.so.1 (0x00007f25a957a000)
	libXdamage.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXdamage.so.1 (0x00007f25a9376000)
	libXrandr.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXrandr.so.2 (0x00007f25a916a000)
	libXcomposite.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXcomposite.so.1 (0x00007f25a8f66000)
	libXext.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXext.so.6 (0x00007f25a8d52000)
	libXfixes.so.3 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXfixes.so.3 (0x00007f25a8b4b000)
	libXrender.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXrender.so.1 (0x00007f25a8940000)
	libX11.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libX11.so.6 (0x00007f25a8600000)
	libXtst.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXtst.so.6 (0x00007f25a83f9000)
	libXss.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXss.so.1 (0x00007f25a81f4000)
	libgconf-2.so.4 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgconf-2.so.4 (0x00007f25a7fc1000)
	libgmodule-2.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgmodule-2.0.so.0 (0x00007f25a7dbc000)
	librt.so.1 => /snap/core/current/lib/x86_64-linux-gnu/librt.so.1 (0x00007f25a7bb4000)
	libglib-2.0.so.0 => /snap/core/current/lib/x86_64-linux-gnu/libglib-2.0.so.0 (0x00007f25a78a3000)
	libnss3.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libnss3.so (0x00007f25a7555000)
	libnssutil3.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libnssutil3.so (0x00007f25a7326000)
	libsmime3.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libsmime3.so (0x00007f25a70f7000)
	libnspr4.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libnspr4.so (0x00007f25a6eb5000)
	libffmpeg.so => /snap/vscode/current/usr/share/code/libffmpeg.so (0x00007f25a6a03000)
	libasound.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libasound.so.2 (0x00007f25a66f8000)
	libcups.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libcups.so.2 (0x00007f25a6474000)
	libdl.so.2 => /snap/core/current/lib/x86_64-linux-gnu/libdl.so.2 (0x00007f25a6270000)
	libexpat.so.1 => /snap/core/current/lib/x86_64-linux-gnu/libexpat.so.1 (0x00007f25a6047000)
	libstdc++.so.6 => /snap/core/current/usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f25a5cc5000)
	libm.so.6 => /snap/core/current/lib/x86_64-linux-gnu/libm.so.6 (0x00007f25a59bc000)
	libgcc_s.so.1 => /snap/core/current/lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f25a57a6000)
	libc.so.6 => /snap/core/current/lib/x86_64-linux-gnu/libc.so.6 (0x00007f25a53dc000)
	/snap/core/current/lib/x86_64-linux-gnu/ld-2.23.so (0x00007f25ad935000)
	libpangoft2-1.0.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libpangoft2-1.0.so.0 (0x00007f25a51c3000)
	libXinerama.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXinerama.so.1 (0x00007f25a4fbf000)
	libpixman-1.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libpixman-1.so.0 (0x00007f25a4d15000)
	libpng12.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libpng12.so.0 (0x00007f25a4aee000)
	libxcb-shm.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libxcb-shm.so.0 (0x00007f25a48e9000)
	libxcb-render.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libxcb-render.so.0 (0x00007f25a46dd000)
	libz.so.1 => /snap/core/current/lib/x86_64-linux-gnu/libz.so.1 (0x00007f25a44c3000)
	libselinux.so.1 => /snap/core/current/lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f25a42a1000)
	libresolv.so.2 => /snap/core/current/lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f25a4086000)
	libthai.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libthai.so.0 (0x00007f25a3e7c000)
	libffi.so.6 => /snap/core/current/usr/lib/x86_64-linux-gnu/libffi.so.6 (0x00007f25a3c74000)
	libsystemd.so.0 => /snap/core/current/lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f25adabf000)
	libXau.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXau.so.6 (0x00007f25a3a6f000)
	libXdmcp.so.6 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libXdmcp.so.6 (0x00007f25a3868000)
	libdbus-glib-1.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libdbus-glib-1.so.2 (0x00007f25a363e000)
	libpcre.so.3 => /snap/core/current/lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f25a33ce000)
	libplc4.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libplc4.so (0x00007f25a31c8000)
	libplds4.so => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libplds4.so (0x00007f25a2fc3000)
	libgssapi_krb5.so.2 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f25a2d76000)
	libgnutls.so.30 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007f25a2a3c000)
	libavahi-common.so.3 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libavahi-common.so.3 (0x00007f25a282f000)
	libavahi-client.so.3 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libavahi-client.so.3 (0x00007f25a261c000)
	libharfbuzz.so.0 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libharfbuzz.so.0 (0x00007f25a23bb000)
	libdatrie.so.1 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libdatrie.so.1 (0x00007f25a21b2000)
	liblzma.so.5 => /snap/core/current/lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f25a1f90000)
	libgcrypt.so.20 => /snap/core/current/lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007f25a1caf000)
	libkrb5.so.3 => /snap/core/current/usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f25a19dd000)
	libk5crypto.so.3 => /snap/core/current/usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f25a17ae000)
	libcom_err.so.2 => /snap/core/current/lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f25a15aa000)
	libkrb5support.so.0 => /snap/core/current/usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f25a139f000)
	libp11-kit.so.0 => /snap/core/current/usr/lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007f25a113b000)
	libidn.so.11 => /snap/core/current/usr/lib/x86_64-linux-gnu/libidn.so.11 (0x00007f25a0f08000)
	libtasn1.so.6 => /snap/core/current/usr/lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007f25a0cf5000)
	libnettle.so.6 => /snap/core/current/usr/lib/x86_64-linux-gnu/libnettle.so.6 (0x00007f25a0abf000)
	libhogweed.so.4 => /snap/core/current/usr/lib/x86_64-linux-gnu/libhogweed.so.4 (0x00007f25a088c000)
	libgmp.so.10 => /snap/core/current/usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f25a060c000)
	libgraphite2.so.3 => /snap/vscode/current/usr/share/code/../../lib/x86_64-linux-gnu/libgraphite2.so.3 (0x00007f25a03e5000)
	libgpg-error.so.0 => /snap/core/current/lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f25a01d1000)
	libkeyutils.so.1 => /snap/core/current/lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f259ffcd000)
1 Like
2

I just found LP: #1656340, I might as well add it to our command wrapper that snapcraft creates to make this transparently usable for users of snapcraft until it makes its way into snapd.

3

So the use case here is that a classic confined app wants to execute programs from outside the snap. In the VS Code case, this would include:

  1. executing the system compiler toolchain and other build tools
  2. executing/debugging the app the user is building

And you want to avoid passing on any environment that alters the execution of these subprocesses.

Just looking through what the desktop-launch script does, LD_LIBRARY_PATH is just the start. Among other things it will also:

  1. set GST_PLUGIN_PATH / GST_PLUGIN_SYSTEM_PATH to alter where GStreamer plugins are found
  2. set GI_TYPELIB_PATH to alter where gobject-introspection typelibs are found.
  3. set GIO_MODULE_DIR to change where GLib’s GIO modules are found.
  4. set GDK_PIXBUF_MODULEDIR to change where gdk-pixbuf modules are found.
  5. set GTK_PATH to change where GTK modules are found
  6. set GTK_IM_MODULE_DIR to change where input method modules are found
  7. set QT_PLUGIN_PATH to change where Qt plugins are found

Any of these could also cause problems for subprocesses that use this functionality if there are incompatibilities between the system and snapped versions of these libraries. It’s also worth noting that some of these environment variables will be needed for correct functioning of the snapped version of the corresponding libraries, since the incompatibilities can go both ways.

You’re probably better off working out what aspects of the script you actually need in a classic environment rather than removing the the things that break one by one.

1 Like