| 2016-08-16 18:47:46 |
Nicholas Skaggs |
bug |
|
|
added bug |
| 2016-08-16 18:56:08 |
Nicholas Skaggs |
description |
1.0.38-0ubuntu0.16.04.4 breaks the juju snap package, presumably because of the change to bind mounts. To replicate, assuming you have LXD installed and configured:
snap install juju --beta --devmode
/snap/bin/juju bootstrap lxd lxd
This command should complete successfully. With 1.0.38-0ubuntu0.16.04.4 instead you get;
ERROR invalid config: can't connect to the local LXD server: LXD socket not found; is LXD installed & running?
Please install LXD by running:
$ sudo apt-get install lxd
and then configure it with:
$ newgrp lxd
$ lxd init |
The juju snap package can no longer use LXD as a substrate, presumably because of changes to bind mounts. To replicate, assuming you have LXD installed and configured:
snap install juju --beta --devmode
/snap/bin/juju bootstrap lxd lxd
This command should complete successfully and did work until recently. Now, instead you get;
ERROR invalid config: can't connect to the local LXD server: LXD socket not found; is LXD installed & running?
Please install LXD by running:
$ sudo apt-get install lxd
and then configure it with:
$ newgrp lxd
$ lxd init |
|
| 2016-08-16 19:08:40 |
Adam Stokes |
tags |
|
conjure |
|
| 2016-08-16 19:53:28 |
Zygmunt Krynicki |
snap-confine: status |
New |
Confirmed |
|
| 2016-08-16 19:53:32 |
Zygmunt Krynicki |
snap-confine: importance |
Undecided |
High |
|
| 2016-08-16 19:53:33 |
Zygmunt Krynicki |
snap-confine: assignee |
|
Zygmunt Krynicki (zyga) |
|
| 2016-08-16 19:53:34 |
Zygmunt Krynicki |
snap-confine: milestone |
|
1.0.40 |
|
| 2016-08-16 23:54:55 |
Zygmunt Krynicki |
snap-confine: status |
Confirmed |
In Progress |
|
| 2016-08-16 23:57:08 |
Zygmunt Krynicki |
snap-confine: status |
In Progress |
Fix Committed |
|
| 2016-08-22 11:42:35 |
Zygmunt Krynicki |
snap-confine: status |
Fix Committed |
Fix Released |
|
| 2016-09-20 11:58:53 |
Zygmunt Krynicki |
description |
The juju snap package can no longer use LXD as a substrate, presumably because of changes to bind mounts. To replicate, assuming you have LXD installed and configured:
snap install juju --beta --devmode
/snap/bin/juju bootstrap lxd lxd
This command should complete successfully and did work until recently. Now, instead you get;
ERROR invalid config: can't connect to the local LXD server: LXD socket not found; is LXD installed & running?
Please install LXD by running:
$ sudo apt-get install lxd
and then configure it with:
$ newgrp lxd
$ lxd init |
[Impact]
Snaps running in devmode cannot interact with LXD installed in the classic distribution. This happens because the chroot in which all snaps execute there is no /var/lib/lxd directory (it is not a part of the core snap).
That directory doesn't exist so it cannot be bind-mounted from the classic distribution. Without access to this directory there's no way to access the lxd socket located inside.
This bug is fixed by adding a quirk system where snap-confine can mount tmpfs over /var/lib and populate that tmpfs with a forest of bind mounts to the contents of /var/lib in the core snap. This leaves us with a tmpfs, not a read only squashfs so /var/lib/lxd can be now created and bind mounted on demand.
For more information about the execution environment, please see this article http://www.zygoon.pl/2016/08/snap-execution-environment.html
[Test Case]
The test case can be found here:
https://github.com/snapcore/snap-confine/blob/master/spread-tests/regression/lp-1613845/task.yaml
The test case is ran automatically for each pull request and for each final release. It can be reproduced manually by executing the shell commands listed in the prepare/execute/restore phases manually.
The commands there assume that snapd and snap-confine are installed.
No other additional setup is necessary.
[Regression Potential]
* Regression potential is small but the code change is more invasive so careful review and testing is recommended. The way this feature operates may interact with the namespace sharing feature that is introduced in 1.0.41.
As a known limitation (namespace sharing is not yet finalised and will be extended to support live mutation in subsequent releases) if the /var/lib/lxd directory does *not* exist on the classic distribution before a snap that wishes to use it is first started it will not be able to see the directory until the machine is re-started. In subsequent releases of snap-confine, snapd and snap-confine will collaborate to modify existing namespaces in reaction to changes in the mount configuration profile. At that time we can also investigate if quirks need to be adjusted in response to changes in the system.
* The fix was tested on Ubuntu via spread.
[Other Info]
* This bug is a part of a major SRU that brings snap-confine in Ubuntu 16.04 in line with the current upstream release 1.0.41.
* snap-confine is technically an integral part of snapd which has an SRU exception and is allowed to introduce new features and take advantage of accelerated procedure. For more information see https://wiki.ubuntu.com/SnapdUpdates
== # Pre-SRU bug description follows # ==
The juju snap package can no longer use LXD as a substrate, presumably because of changes to bind mounts. To replicate, assuming you have LXD installed and configured:
snap install juju --beta --devmode
/snap/bin/juju bootstrap lxd lxd
This command should complete successfully and did work until recently. Now, instead you get;
ERROR invalid config: can't connect to the local LXD server: LXD socket not found; is LXD installed & running?
Please install LXD by running:
$ sudo apt-get install lxd
and then configure it with:
$ newgrp lxd
$ lxd init |
|
| 2016-09-21 00:37:58 |
Michael Hudson-Doyle |
bug task added |
|
snap-confine (Ubuntu) |
|
| 2016-09-21 00:38:08 |
Michael Hudson-Doyle |
nominated for series |
|
Ubuntu Xenial |
|
| 2016-09-21 00:38:08 |
Michael Hudson-Doyle |
bug task added |
|
snap-confine (Ubuntu Xenial) |
|
| 2016-09-21 00:38:16 |
Michael Hudson-Doyle |
snap-confine (Ubuntu): status |
New |
Fix Released |
|
| 2016-09-21 03:43:15 |
Michael Hudson-Doyle |
snap-confine (Ubuntu Xenial): status |
New |
In Progress |
|
| 2016-10-10 13:40:16 |
Nicholas Skaggs |
snap-confine (Ubuntu Xenial): status |
In Progress |
Fix Released |
|
