** Description changed: + [Impact] + + TBD + + [Test Case] + + Look below for a test case. + + [Regression Potential] + + TBD + + [Other Info] + + * snap-confine is technically an integral part of snapd which has an SRU + exception and is allowed to introduce new features and take advantage of + accelerated procedure. For more information see + https://wiki.ubuntu.com/SnapdUpdates + + == # Pre-SRU bug description follows # == + The kernel (4.8.0-19.21), apparmor (2.10.95-4ubuntu5), and lxd (2.4-0ubuntu1) needed for running snaps inside of LXD containers (bug #1611078) have all landed in Yakkety. We should be able to install squashfuse and snapd 2.16+16.10 (from yakkety-proposed) and then run snaps inside of unprivileged LXD containers. I have verified that it works well for the root user inside of the container but there are some issues when a normal user attempts to run a snap command. # Create yakkety container named "yakkety" tyhicks@host:~$ lxc launch ubuntu-daily:devel yakkety Creating yakkety Starting yakkety # Enter the container, enable yakkety-proposed, update, install the dependencies tyhicks@host:~$ lxc exec yakkety bash root@yakkety:~# echo "deb http://archive.ubuntu.com/ubuntu/ \ yakkety-proposed restricted main multiverse universe" > \ /etc/apt/sources.list.d/proposed.list root@yakkety:~# echo -e "Package: *\nPin: release a=yakkety-proposed\n\ Pin-Priority: 400" > /etc/apt/preferences.d/proposed-updates root@yakkety:~# apt-get update && apt-get dist-upgrade -y ... root@yakkety:~# apt-get install -y squashfuse snapd/yakkety-proposed ... # Rebooting the container should not be needed but is done for completeness root@yakkety:~# reboot tyhicks@host:~$ lxc exec yakkety bash # Install the hello-world snap root@yakkety:~# snap install hello-world hello-world (stable) 6.3 from 'canonical' installed # Snap commands work fine as root inside the container but not as a normal user root@yakkety:~# /snap/bin/hello-world.env SNAP_USER_COMMON=/root/snap/hello-world/common ... root@yakkety:~# su - ubuntu -c '/snap/bin/hello-world.env' internal error, please report: running "hello-world.env" failed: open /snap/hello-world/27/meta/snap.yaml: permission denied # The normal user can't access /snap/hello-world/27 because of some oddness with the # dentry root@yakkety:~# ls -al /snap/hello-world total 8 drwxr-xr-x 3 root root 4096 Oct 5 21:09 . drwxr-xr-x 5 root root 4096 Oct 5 21:09 .. drwxrwxr-x 4 root root 0 Jul 11 21:20 27 lrwxrwxrwx 1 root root 2 Oct 5 21:09 current -> 27 root@yakkety:~# su - ubuntu -c 'ls -al /snap/hello-world' ls: cannot access '/snap/hello-world/27': Permission denied total 8 drwxr-xr-x 3 root root 4096 Oct 5 21:09 . drwxr-xr-x 5 root root 4096 Oct 5 21:09 .. d????????? ? ? ? ? ? 27 lrwxrwxrwx 1 root root 2 Oct 5 21:09 current -> 27
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1630789 Title: normal users can't run snaps inside of LXD containers To manage notifications about this bug go to: https://bugs.launchpad.net/snap-confine/+bug/1630789/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
