Can't run snap in lxd container

Bug #1745772 reported by Casey Marshall
This bug affects 5 people
Affects: Snappy | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned | Milestone: (none)

Bug Description

I'm unable to run a snap inside an LXD container. I apt-installed squashfuse in the container and I was able to install it, but it won't run; I get a remount error (the "unable to resolve host" error is irrelevant LXD noise):

root@cakeshop:~# sudo snap install --edge cakeshop
sudo: unable to resolve host cakeshop: Connection timed out
cakeshop (edge) master from 'cmars' installed
root@cakeshop:~# cakeshop
cannot remount /tmp/snap.rootfs_l5ytNr/var/lib/snapd/lib/vulkan as read-only: Permission denied

LXD host information:
ubuntu@ccube:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
ubuntu@ccube:~$ dpkg -l | grep lxd
ii lxd 2.0.11-0ubuntu1~16.04.4 amd64 Container hypervisor based on LXC - daemon
ii lxd-client 2.0.11-0ubuntu1~16.04.4 amd64 Container hypervisor based on LXC - client

LXD container information:
ubuntu@ccube:~$ lxc info cakeshop
Name: cakeshop
Remote: unix://
Architecture: x86_64
Created: 2018/01/27 18:41 UTC
Status: Running
Type: persistent
Profiles: default
Pid: 30623
Ips:
  eth0: inet 192.168.88.20 vethSXYTL1
  eth0: inet6 fe80::216:3eff:fed2:720c vethSXYTL1
  lo: inet 127.0.0.1
  lo: inet6 ::1
Resources:
  Processes: 43
  Disk usage:
    root: 331.57MB
  Memory usage:
    Memory (current): 205.84MB
    Memory (peak): 222.25MB
  Network usage:
    eth0:
      Bytes received: 266.55MB
      Bytes sent: 3.01MB
      Packets received: 71500
      Packets sent: 47066
    lo:
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0

root@cakeshop:~# dpkg -l | grep snapd
ii snapd 2.29.4.2 amd64 Daemon and tooling that enable snap packages

Stuart Bishop (stub) wrote:

I can confirm this. Snaps are not working out of the box in Xenial or Bionic lxd containers. Same behavior with and without squashfuse installed.

$ lxc launch ubuntu:xenial
Creating the container
Container name is: divine-mink
Starting divine-mink
$ lxc exec divine-mink -- bash
root@divine-mink:~# snap install hello
Mount snap "core" (4650) .snap install hello
2018-06-14T06:06:04Z INFO Waiting for restart...
hello 2.10 from 'canonical' installed
root@divine-mink:~# snap install hello
snap "hello" is already installed, see "snap refresh --help"
root@divine-mink:~# hello
cannot remount /tmp/snap.rootfs_YCmXs8/var/lib/snapd/lib/vulkan as read-only: Permission denied

Changed in snappy:
status: New → Confirmed
Stuart Bishop (stub) wrote:

It works as expected if the non-default security.nesting config item is set to true:

$ lxc launch -c security.nesting=true ubuntu:xenial
Creating the container
Container name is: hardy-oyster
Starting hardy-oyster

$ lxc exec hardy-oyster -- bash
root@hardy-oyster:~# snap install hello
2018-06-14T06:31:47Z INFO Waiting for restart...
hello 2.10 from 'canonical' installed
root@hardy-oyster:~# hello
Hello, world!

If this setting is required, the snap command needs to detect and explain the problem to users, rather than proceed with doomed installations.
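One way to do the detection that the comment above asks for, as an added example that is not part of the bug report or of snapd/LXD: a host-side shell helper that reads the container's expanded LXD config (`lxc config show --expanded`, an existing lxc subcommand) and reports whether `security.nesting` is true, printing the remount symptom and the `lxc config set` fix when it is not. `nesting_enabled_from_config` and `check_snap_nesting` are hypothetical names; the YAML sample is constructed. Because `security.nesting` is a non-default setting that relaxes part of the container's confinement, the helper only reports and suggests; it does not change the config.

```shell
#!/bin/sh
# Read "lxc config show --expanded <container>" YAML on stdin.
# Exit 0 if security.nesting is "true" (quoted or bare), 1 otherwise.
# --expanded is used so a value inherited from a profile is seen too.
nesting_enabled_from_config() {
    awk '
        /^[[:space:]]*security\.nesting:[[:space:]]*/ {
            val = $2
            gsub(/"/, "", val)        # LXD prints values quoted: "true"
            if (val == "true") found = 1
        }
        END { if (found) exit 0; exit 1 }
    '
}

# Hypothetical helper, run on the LXD host with a container name.
# Prints the symptom from this bug and the fix when nesting is off.
check_snap_nesting() {
    name="$1"
    if lxc config show --expanded "$name" | nesting_enabled_from_config; then
        echo "$name: security.nesting=true, snap apps can remount their rootfs"
        return 0
    fi
    echo "$name: security.nesting is not true; snap apps will fail with" >&2
    echo "  'cannot remount ... as read-only: Permission denied'" >&2
    echo "fix: lxc config set $name security.nesting true && lxc restart $name" >&2
    return 1
}

# Constructed sample of expanded config output, for an offline demonstration.
SAMPLE_NESTING_ON='config:
  image.os: ubuntu
  security.nesting: "true"
devices:
  root:
    path: /
    type: disk'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_NESTING_ON" | nesting_enabled_from_config \
        && echo "sample: nesting enabled" || echo "sample: nesting disabled"
fi
```

Use `check_snap_nesting <container>` on the host before installing snaps in a container; `sh script.sh --demo` exercises the parser on the embedded sample.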

Ian Johnson (anonymouse67) wrote:

Hi, I can't seem to reproduce this anymore with snapd and lxd as a snap:

$ snap version
snap 2.43~pre1+git1614.5d5217f~ubuntu16.04.1
snapd 2.43~pre1+git1614.5d5217f~ubuntu16.04.1
series 16
ubuntu 18.04
kernel 4.15.0-74-generic
host amd64
$ lxc version
Client version: 3.18
Server version: 3.18
$ lxc launch ubuntu:16.04
Creating the container
Container name is: massive-imp
Starting massive-imp
$ lxc shell massive-imp
mesg: ttyname failed: Success
root@massive-imp:~# apt update && apt upgrade -y && snap install hello-world
...
root@massive-imp:~# hello-world
Hello World!
root@massive-imp:~# snap version
snap 2.42.5
snapd 2.42.5
series 16
ubuntu 16.04
kernel 4.15.0-74-generic

Changed in snappy:
status: Confirmed → Fix Released