Request to allow connection to desktop and wayland slots of ubuntu-desktop-session snap

This is a follow-up to the manual review request for the ubuntu-desktop-session snap. I’d like to get a store assertion that allows other snaps to connect to the desktop and wayland slots of this snap. I’m asking for the assertion now because without it I can’t build an Ubuntu Core image that successfully seeds with this snap.

On a classic system, these interfaces are provided as implicit slots. On a core system, this snap would serve the same role and we’d want any GUI snap to be able to auto-connect its plugs as they would on a classic system. I’d prefer not to require each individual snap to require its own declaration to allow connection if possible.

One of the concerns in the manual review thread was that the code for the desktop slot had not been merged to snapd master yet. I’m still working on addressing that. Part of the problem was that the existing snap-declaration syntax didn’t provide a way we could make the slot-side super privileged while still being able to test snaps before publishing them to the store. There is work to fix that, which should let us get the desktop slot PR into a state where it can be merged. For now, it’s probably best to assume the base declaration treats it like a super-privileged slot like lxd.

As this snap is only intended to be used on core systems, I’d be fine if it only acted as an auto-connection candidate on core systems.

Here’s a sketch of what I think might be appropriate:

slots:
  desktop:
    allow-installation: true
    allow-connection:
      on-classic: false
    allow-auto-connection:
      on-classic: false
  wayland:
    allow-installation: true
    allow-connection:
      on-classic: false
    allow-auto-connection:
      on-classic: false

Does that seem reasonable?

+1 from me - this seems quite reasonable and restricting it to Ubuntu Core at this time also seems appropriate.

1 Like

+1 from me as well for auto-connect desktop and wayland for core systems only. +2 votes for, 0 votes against. This is now live.

@jamesh would you mind testing the latest revision to check the accesses granted? We don’t usually restrict the on-core/on-classic access so I want to make sure the syntax applied is correct.

I’m still working through a few bugs on my end, but this does seem to have connection working. I’m going to need to build another image to make sure auto-connection works.

Looking at the published snap-declaration, the wayland slot rule seems a bit weird:

$ snap known --remote snap-declaration series=16 snap-id=LVkazk0JLrL0ivuHRlv3wp3bK1nAgwtN
...
slots:
...
  wayland:
    allow-auto-connection:
      on-classic: false
      plug-snap-id:
        - LVkazk0JLrL0ivuHRlv3wp3bK1nAgwtN
    allow-connection:
      on-classic: false
    allow-installation:
      slot-snap-type:
        - app

The plug-snap-id constraint seems weird: we don’t have a wayland interface plug on ubuntu-desktop-session, so we’re not trying to support self-connection. Would it be possible to remove that constraint from the declaration?

Edit: after testing, snaps are auto-connecting to the desktop slot but not wayland. The plug-snap-id constraint is the only difference in their allow-auto-connection rules.

The plug-snap-id constraint was there already for wayland (from what I can see it was granted on Mon 29 March 2021 by @alexmurray). Since it seems it is not required, I have removed it. Can you please try again and let me know how it works?

FYI I also see the plug-snap-id constraint is present for x11.

Hi @jamesh,

Could you check this ^? If everything looks ok I will remove this request from our review queue. Thanks!

Yep. Removing the plug-snap-id bit got everything working correctly.

1 Like