An Example Confined User Shell

In Overload #155 [Griffiths20], I wrote about snap confinement and why confinement is important in the current computing landscape. Having the operating system enforce limits on the things programs can do allows them to be installed and used with confidence.

This time I’m going to describe another way of employing snaps that provides a bespoke confined environment that can be deployed a range of target platforms from embedded IoT devices to all the major Linux distros.

There are various scenarios and reasons for packaging a Snap confined shell and a selection of applications together in a confined environment. You might have applications that work well together for a particular task; or, you may want to offer a number of alternative applications and have them available on a wide range of target platforms. The Mircade snap illustrates this approach.

Figure 1

Contents of the Mircade snap

The contents of the Mircade snap are determined by a snapcraft.yaml packaging script. I won’t go into detail about how the packaging tools work, as there’s plenty of online material that covers this well. But I will show a few extracts that illustrate how things are put together.

The user shell

A user shell is a program that allows the user to interact with the computer. It could be as simple as a command-line shell or as complex as a full desktop environment.

For Mircade, I use a modified example Mir shell (egmde) I’ve presented in my writing for C Vu [Griffiths]. This ‘mircade’ branch of egmde allows the user to select one of a number of programs and run it all within the Snap confined environment (see Listing 1).

egmde:
  source: https://github.com/AlanGriffiths/egmde.git
  source-branch: mircade
  plugin: cmake-with-ppa
  ppa: mir-team/release
  build-packages:
    - pkg-config
    - libmiral-dev
    - libboost-filesystem-dev
    - libfreetype6-dev
    - libwayland-dev
    - libxkbcommon-dev
    - g++
  stage-packages:
    - try: [libmiral4]
    - else: [libmiral3]
    - mir-graphics-drivers-desktop
    - fonts-freefont-ttf
  stage:
    - -usr/share/wayland-sessions/egmde.desktop
    - -bin/egmde-launch
			

If you’re emulating this approach you don’t have to use egmde, or even a Mir based shell, but doing so ensures there are no unexpected issues to resolve.

The applications

A successful ‘bundled’ snap is really down to choosing a compelling set of applications.

I’ve taken a bunch of games from the Ubuntu archive and bundled them into the snap. That choice is only an illustration, there’s no need to choose games, or programs from the archive.

  neverball:
    plugin: nil
    stage-packages:
      - neverball

In this example, most of the applications use SDL2 and all use Wayland.

  sdl2:
    plugin: nil
    stage-packages:
      - libsdl2-2.0-0
      - libsdl2-image-2.0-0
      - libsdl2-mixer-2.0-0
      - libsdl2-net-2.0-0

I’ve not covered other toolkits in the Mirade example. In spite of this, applications based on GTK, Qt and X11 can also be packaged. (X11 support does require Mir 2.0 which had not been released at the time of writing.)

The target platforms

Running on Ubuntu Core

There are a lot of advantages to running Ubuntu Core on IoT devices, and Mircade shows how a bundle of applications can be delivered for this. When installed on Ubuntu Core, Mircade connects to a Wayland server (such as mir-kiosk).

Running on Classic Linux

On Ubuntu Classic, there are four ways that Mircade can run, the first three are:

1. Connecting to an X11 compositor as a window on a traditional desktop
2. Connecting to a Wayland compositor as a full-screen window on a traditional desktop
3. Running directly on the hardware as a graphical login session

For each of these the corresponding interface needs to be connected:

• Connecting to an X11 compositor:snap connect mircade:x11
• Connecting to a Wayland compositor:snap connect mircade:wayland
• Running directly on the hardware:snap connect mircade:login-session-control

The fourth option, typically on an Ubuntu Server installation, is to run in the same way as on Ubuntu Core using a mir-kiosk daemon as to access the hardware.

Conclusion

The Mircade snap confined shell demonstrates how it is possible to take some applications, a user shell and Snap technology and use them deliver a portable, secure package to multiple Linux platforms including Ubuntu Core, Ubuntu Desktop and many other distros.

Targeting multiple platforms is important to the developers of snaps and confinement is important as users of a snap can ensure that it has limited access to their computer and what they are doing with it.

Do you have, or know of, a set of applications that would benefit from this approach?

References

[Griffiths] Some of the relevant articles (available online to members) are:

• ‘Making a Linux Desktop’ in CVu 31.4, available at:https://accu.org/index.php/journals/2696
• ‘Making a Linux Desktop: Painting Some Wallpaper’ in CVu 31.5, available at: https://accu.org/index.php/journals/2714
• ‘Making a Linux Desktop – Launching Applications’ in CVu 32.1, available at: https://accu.org/index.php/journals/2761

[Griffiths20] Alan Griffiths (2020) ‘What does ‘app confinement’ mean?’ in Overload 155, available at:https://accu.org/index.php/journals/2747

Resources

Mircade on GitHub: https://github.com/MirServer/mircade

Egmde on GitHub: https://github.com/AlanGriffiths/egmde/

The Mir display server: https://mir-server.io/

Alan Griffiths Alan has delivered working software and development processes to a range of organizations, written for a number of magazines, spoken at several conferences, and made many friends.