Canonical Juju

juju add-cloud fails with confined snap - creating ~/.local/share/juju

Bug #2029515 reported by Nobuto Murata on 2023-08-03

This bug report is a duplicate of: Bug #1988355: juju 3.0.0 unable to bootstrap on fresh machine. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Triaged	Medium	Unassigned

Bug Description

How to reproduce:

1. Launch a LXD container with jammy on jammy

lxc launch -e ubuntu:jammy juju-confined-snap-test
lxc exec juju-confined-snap-test -- sudo -i -u ubuntu

2. install Juju inside the LXD container

$ sudo snap install juju --channel 3.1

3. Configure a cloud

$ cat > clouds.yaml <<EOF
clouds:
  maas:
    type: maas
    auth-types: [oauth1]
    endpoint: http://192.168.151.1:5240/MAAS
EOF

$ juju add-cloud --client maas -f clouds.yaml

-> ERROR cannot load ssh client keys: mkdir /home/ubuntu/.local: permission denied

WORKAROUND:
execute the following before running `juju add-cloud`

$ mkdir -p ~/.local/share/juju/ssh/

Aug 04 01:44:16 t14 kernel: audit: type=1400 audit(1691081056.327:2305): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-juju-confined-snap-test_<var-snap-lxd-common-lxd>" profile="snap-update-ns.juju" name="/dev/pts/2" pid=409297 comm="5" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1001000
Aug 04 01:44:16 t14 kernel: audit: type=1400 audit(1691081056.327:2306): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-juju-confined-snap-test_<var-snap-lxd-common-lxd>" profile="snap-update-ns.juju" name="/dev/pts/2" pid=409297 comm="5" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1001000
Aug 04 01:44:16 t14 kernel: audit: type=1400 audit(1691081056.327:2307): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-juju-confined-snap-test_<var-snap-lxd-common-lxd>" profile="snap-update-ns.juju" name="/dev/pts/2" pid=409297 comm="5" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1001000
Aug 04 01:44:16 t14 kernel: audit: type=1400 audit(1691081056.327:2308): apparmor="DENIED" operation="file_inherit" namespace="root//lxd-juju-confined-snap-test_<var-snap-lxd-common-lxd>" profile="snap-update-ns.juju" name="/dev/pts/2" pid=409297 comm="5" requested_mask="wr" denied_mask="wr" fsuid=1000000 ouid=1001000
Aug 04 01:44:17 t14 kernel: audit: type=1400 audit(1691081057.923:2309): apparmor="DENIED" operation="mkdir" namespace="root//lxd-juju-confined-snap-test_<var-snap-lxd-common-lxd>" profile="snap.juju.juju" name="/home/ubuntu/.local/" pid=409272 comm="juju" requested_mask="c" denied_mask="c" fsuid=1001000 ouid=1001000

Harry Pidcock (hpidcock) on 2023-08-09

summary:	- juju add-cloud fails inside LXD container + juju add-cloud fails with confined snap - creating ~/.local/share/juju
Changed in juju:
importance:	Undecided → Medium
status:	New → Triaged

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1988355 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.