The snap for ffmpeg which uses nvenc/cuda I made only works in devmode, but doesn’t spit out anything in snappy-debug security scanlog, so I’m a bit confused why it doesn’t work. I’m keen to incorporate this (or something like it) in a bunch of other snaps.
I’ve made a “simple” test case which I’d like to incorporate in another snap which will not be classic.
The input is whatever mp4 video you have handy. Personally I use a downloaded copy of this video, but use whatever. When installed in devmode, it works, but in strict, you get this:-
[nvenc @ 0x2996180] Cannot init CUDA
Error initializing output stream 0:0 -- Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, rate, width or height
I’m doing this on a laptop running Ubuntu 18.04 with nvidia GPU and nvidia binary driver 390.48.
I don’t have nvidia hardware so can’t test this snap.
Two things come to mind though:
hardware necessary for this to work is not present in the device cgroup for the snap. devmode does not enforce device cgroups and there won’t be a logged denied access in strict mode (device cgroups are like traditional UNIX permissions in this regard).
there is a capability apparmor denial whose log message is being rate limited. This is easy to workaround: stop the snap, load the apparmor profile with sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap.ffmpeg.ffmpeg then launch the snap and see if a capability denial pops out in the logs
Like @popey when the snap is devmode or classic it works. It I try and use the accelerated nvidia NVENC (h264) or HEVC (h265) then I see then following on stdout:
[nvenc @ 0x1460380] Cannot init CUDA
Error initializing output stream 0:0 -- Error while opening encoder for output stream #0:0 - maybe incorrect parameters such as bit_rate, r$