Running snaps inside a Focal lxd container on an impish host fails
Bug #1953563 reported by
Wouter van Bommel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Linux | New | Undecided | Christian Brauner | |
lxd | Fix Released | Unknown | | |
Bug Description
For reference see things discussed with LXD up to now: https:/
What it comes down to is that when a snap is installed inside a Focal LXD container running on an impish host, the snap does not work.
When running the same snap inside a Focal LXD container on a Focal host, it does work.
From what I got from the LXD case, this has to do with cgroups v1 vs v2 and the snapd support of this.
Changed in snapd: status: New → Incomplete
Changed in lxd: status: Unknown → Fix Released
Changed in snapd: status: Incomplete → New
I see no evidence of this being caused by cgroups v2. In fact all services are up.
Nested ubuntu 20.04 on 21.10 host:
root@my-ubuntu-confined:~# snap-store-proxy status
Store ID: not registered
Internal Service Status:
memcached: running
nginx: running
snapauth: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://127.0.0.1:8005/_status/check
snapdevicegw: not running: getresponse() got an unexpected keyword argument 'buffering'
snapdevicegw-local: not running: [Errno 111] Connection refused
snapproxy: not running: [Errno 111] Connection refused
snaprevs: not running: 500 Server Error: INTERNAL SERVER ERROR for url: http://127.0.0.1:8002/_status/check
root@my-ubuntu-confined:~# snap services snap-store-proxy
Service Startup Current Notes
snap-store-proxy.memcached disabled active -
snap-store-proxy.nginx disabled active -
snap-store-proxy.snapassert disabled inactive -
snap-store-proxy.snapauth disabled active -
snap-store-proxy.snapdevicegw disabled active -
snap-store-proxy.snapident disabled inactive -
snap-store-proxy.snapproxy disabled active -
snap-store-proxy.snaprevs disabled active -
The services are up, some of them appear to be retrying operations and logging that. At the same time I observe denials on the host:
Dec 08 08:25:58 dec080806-781058 kernel: audit: type=1400 audit(1638951958.783:675): apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapdevicegw" pid=10881 comm="python3" capability=0 capname="chown"
Dec 08 08:25:59 dec080806-781058 audit[10856]: AVC apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapproxy" pid=10856 comm="python3" capability=0 capname="chown"
Dec 08 08:25:59 dec080806-781058 kernel: audit: type=1400 audit(1638951959.639:676): apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapproxy" pid=10856 comm="python3" capability=0 capname="chown"
Dec 08 08:25:59 dec080806-781058 audit[10881]: AVC apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapdevicegw" pid=10881 comm="python3" capability=0 capname="chown"
Dec 08 08:25:59 dec080806-781058 kernel: audit: type=1400 audit(1638951959.787:677): apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapdevicegw" pid=10881 comm="python3" capability=0 capname="chown"
Dec 08 08:26:00 dec080806-781058 audit[10856]: AVC apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap.snap-store-proxy.snapproxy" pid=10856 comm="python3" capability=0 capname="chown"
Dec 08 08:26:00 dec080806-781058 kernel: audit: type=1400 audit(1638951960.643:678): apparmor="DENIED" operation="capable" namespace="root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>" profile="snap...
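
One way to triage host-side denials like those quoted above, added here as an example and not part of the bug report or of snapd/LXD code: it groups kernel AppArmor DENIED records by container, profile, operation and capability. The sample lines are constructed from the fields visible above. It assumes the `audit[pid]: AVC` lines repeat the kernel records (so only records carrying an `audit(time:serial)` id are counted) and that the LXD namespace has the form `lxd-<container>_<...>`.

```python
import re
from collections import Counter

AUDIT_ID = re.compile(r'audit\((\d+\.\d+:\d+)\)')   # kernel record id, time:serial
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')    # key="quoted" or key=bare
LXD_NS = re.compile(r'lxd-(.+?)_<')                 # assumed namespace layout

def parse_denial(line):
    """Return the fields of one kernel AppArmor DENIED record, else None."""
    ident = AUDIT_ID.search(line)
    if ident is None or 'apparmor="DENIED"' not in line:
        return None
    rec = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    ns = LXD_NS.search(rec.get("namespace", ""))
    rec["container"] = ns.group(1) if ns else None   # None: not an LXD namespace
    rec["audit_id"] = ident.group(1)
    return rec

def summarize(lines):
    """Count unique denials per (container, profile, operation, capname)."""
    seen, counts = set(), Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec is None or rec["audit_id"] in seen:   # skip mirrors and re-reads
            continue
        seen.add(rec["audit_id"])
        counts[(rec["container"], rec.get("profile"),
                rec.get("operation"), rec.get("capname"))] += 1
    return counts

# Constructed sample lines (hostname and the sshd line are made up).
_NS = "root//lxd-my-ubuntu-confined_<var-snap-lxd-common-lxd>"
def _rec(prefix, svc, pid):
    return (f'{prefix} apparmor="DENIED" operation="capable" namespace="{_NS}" '
            f'profile="snap.snap-store-proxy.{svc}" pid={pid} comm="python3" '
            f'capability=0 capname="chown"')

_K = "host kernel: audit: type=1400"
SAMPLE = [
    _rec(f"Dec 08 08:25:58 {_K} audit(1638951958.783:675):", "snapdevicegw", 10881),
    _rec("Dec 08 08:25:59 host audit[10856]: AVC", "snapproxy", 10856),
    _rec(f"Dec 08 08:25:59 {_K} audit(1638951959.639:676):", "snapproxy", 10856),
    _rec(f"Dec 08 08:25:59 {_K} audit(1638951959.787:677):", "snapdevicegw", 10881),
    _rec(f"Dec 08 08:25:59 {_K} audit(1638951959.787:677):", "snapdevicegw", 10881),
    "Dec 08 08:26:00 host sshd[900]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```
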