From what I vaguely remember from the last time I tried, you might need to either disable AppArmor (on the parent container?) or make it privileged. Or possibly both.
Of course, this does mean you lose some of the security/isolation of containerisation.

Bob

-----Original Message-----
From: lxc-users <[email protected]> On Behalf Of Linus Lüssing
Sent: Saturday, 15 September 2018 5:02 AM
To: [email protected]; [email protected]
Subject: [lxc-users] Running snapd within LXC/LXD on a Debian host?

Hi,

I found the following, excellent article online:

https://blog.ubuntu.com/2016/02/16/running-snaps-in-lxd-containers

And I'm currently trying to achieve the same on an LXD host running Debian Stretch and a Container running Ubuntu 18.04.

The error I'm now getting within the container is the following though:

-----
$ journalctl -xe
[...]
-- Subject: Unit snapd.service has begun start-up
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit snapd.service has begun starting up.
Sep 14 17:42:09 rocketchat2 snapd[195]: AppArmor status: apparmor is enabled but some features are missing: dbus, network
Sep 14 17:42:09 rocketchat2 snapd[195]: error: cannot start snapd: cannot mount squashfs image using "fuse.squashfuse": mount: /tmp/selftest-mountpoint-412081678: wrong fs type, bad option, bad superblock on /tmp/selftest-squashfs-971713707, missing codepage or helper program, or other error.
Sep 14 17:42:09 rocketchat2 systemd[1]: snapd.service: Main process exited, code=exited, status=1/FAILURE
Sep 14 17:42:09 rocketchat2 systemd[1]: snapd.service: Failed with result 'exit-code'.
Sep 14 17:42:09 rocketchat2 systemd[1]: Failed to start Snappy daemon.
-- Subject: Unit snapd.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- Unit snapd.service has failed.
-----

And I'm also getting some "DENIED" messages from apparmor in dmesg. See attachment.

I tried both a 4.17 kernel provided by Debian Stretch-Backports and a 4.18 kernel from Debian Testing.

The kernel cmdline looks like this for 4.18 for instance:

-----
$ uname -a
Linux yServer 4.18.0-1-amd64 #1 SMP Debian 4.18.6-1 (2018-09-06) x86_64 GNU/Linux
$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.18.0-1-amd64 root=UUID=f59f51b8-93ba-45e7-b0d7-c7013c52c11c ro quiet apparmor=1 security=apparmor
-----

The squashfuse package is installed successfully within the container:

-----
$ dpkg -l | grep squashfuse
ii  squashfuse  0.1.100-0ubuntu2  amd64  FUSE filesystem to mount squashfs archives
-----

Are the kernels provided by Debian supposed to work for snapd within LXD? Or are there some non-upstream patches added to the Ubuntu kernel which are necessary to make things work as described in the blog post?

Regards, Linus

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
