Can not run lxd as an unprivileged user

lxc ls
Error: Get http://unix.socket/1.0: dial unix /var/lib/lxd/unix.socket: connect: permission denied

uname -a
Linux xiyan 4.19.80-0-vanilla #1-Alpine SMP Fri Oct 18 11:27:53 UTC 2019 x86_64 Linux

cat /etc/alpine-release
3.10.3

xiyan:~$ lxd --version
3.18

groups xiyan
xiyan lxd

xiyan:~$ sudo service lxd restart

  • Stopping lxd … [ ok ]
  • Starting lxd … [ ok ]
    xiyan:~$ lxc ls
    Error: Get http://unix.socket/1.0: dial unix /var/lib/lxd/unix.socket: connect: permission denied
    xiyan:~$ sudo lxc ls
    +------------+---------+-----------------------+---------------------------------------------+------------+-----------+
    | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
    +------------+---------+-----------------------+---------------------------------------------+------------+-----------+
    | alpineTest | RUNNING | 10.149.197.108 (eth0) | fd42:cb1e:f36:329:216:3eff:fe13:8600 (eth0) | PERSISTENT | 0 |
    +------------+---------+-----------------------+---------------------------------------------+------------+-----------+

xiyan:~$ cat /var/lib/lxd
cat: can’t open ‘/var/lib/lxd’: Permission denied
xiyan:~$ id
uid=1000(xiyan) gid=1000(xiyan) groups=103(lxd),1000(xiyan)

lxc info alpineTest
Error: Get http://unix.socket/1.0: dial unix /var/lib/lxd/unix.socket: connect: permission denied

xiyan:~$ sudo service lxd status
[sudo] password for xiyan:

  • status: started

ls -lh /var/lib/lxd/unix.socket
srw-rw---- 1 root root 0 Dec 9 04:26 /var/lib/lxd/unix.socket

sudo service unix.socket restart
xiyan:~$ sudo service lxd.socket restart

  • service: service `lxd.socket’ does not exist

xiyan:~$ sudo service unix.socket restart

  • service: service `unix.socket’ does not exist

sudo ls -alh /var/lib/lxd/
total 56K
drwx--x--x 14 root root 4.0K Dec 9 04:26 .
drwxr-xr-x 12 root root 4.0K Dec 9 04:24 ..
drwx------ 2 root root 4.0K Dec 9 04:06 backups
drwx--x--x 2 root root 4.0K Dec 9 04:14 containers
drwx------ 3 root root 4.0K Dec 9 04:06 database
drwx--x--x 3 root root 4.0K Dec 9 04:14 devices
drwxr-xr-x 2 root root 60 Dec 9 04:26 devlxd
drwx------ 2 root root 4.0K Dec 9 04:12 disks
drwx------ 2 root root 4.0K Dec 9 04:13 images
drwx--x--x 4 root root 4.0K Dec 9 04:12 networks
drwx------ 4 root root 4.0K Dec 9 04:14 security
-rw-r--r-- 1 root root 725 Dec 9 04:06 server.crt
-rw------- 1 root root 288 Dec 9 04:06 server.key
drwx--x--x 3 root root 60 Dec 9 04:14 shmounts
drwx------ 2 root root 4.0K Dec 9 04:06 snapshots
drwx--x--x 4 root root 4.0K Dec 9 04:12 storage-pools
srw-rw---- 1 root root 0 Dec 9 04:26 unix.socket

xiyan:~$ sudo service lxd start

  • WARNING: lxd has already been started
    xiyan:~$ sudo service lxd status
  • status: started

xiyan:~$ apk info
musl
acct
busybox
alpine-baselayout
openrc
alpine-conf
libcrypto1.1
libssl1.1
ca-certificates-cacert
libtls-standalone
ssl_client
zlib
apk-tools
busybox-suid
busybox-initscripts
scanelf
musl-utils
libc-utils
alpine-keys
alpine-base
libcap
chrony
chrony-openrc
libuuid
libblkid
libcom_err
e2fsprogs-libs
e2fsprogs
lddtree
argon2-libs
device-mapper-libs
json-c
cryptsetup-libs
xz-libs
kmod
kmod-openrc
mkinitfs
linux-firmware-yamaha
linux-firmware-yam
linux-firmware-vxge
linux-firmware-vicam
linux-firmware-ueagle-atm
linux-firmware-ttusb-budget
linux-firmware-tigon
linux-firmware-ti-keystone
linux-firmware-ti-connectivity
linux-firmware-tehuti
linux-firmware-sxg
linux-firmware-sun
linux-firmware-slicoss
linux-firmware-sb16
linux-firmware-rtw88
linux-firmware-rtlwifi
linux-firmware-rtl_nic
linux-firmware-rtl_bt
linux-firmware-rtl8192e
linux-firmware-rsi
linux-firmware-rockchip
linux-firmware-radeon
linux-firmware-r128
linux-firmware-qlogic
linux-firmware-qed
linux-firmware-qcom
linux-firmware-qca
linux-firmware-ositech
linux-firmware-nvidia
linux-firmware-netronome
linux-firmware-myricom
linux-firmware-mwlwifi
linux-firmware-mwl8k
linux-firmware-mrvl
linux-firmware-moxa
linux-firmware-microchip
linux-firmware-meson
linux-firmware-mellanox
linux-firmware-mediatek
linux-firmware-matrox
linux-firmware-liquidio
linux-firmware-libertas
linux-firmware-korg
linux-firmware-keyspan_pda
linux-firmware-keyspan
linux-firmware-kaweth
linux-firmware-isci
linux-firmware-intel
linux-firmware-imx
linux-firmware-i915
linux-firmware-go7007
linux-firmware-ess
linux-firmware-ene-ub6250
linux-firmware-emi62
linux-firmware-emi26
linux-firmware-edgeport
linux-firmware-e100
linux-firmware-dsp56k
linux-firmware-dpaa2
linux-firmware-dabusb
linux-firmware-cxgb4
linux-firmware-cxgb3
linux-firmware-cpia2
linux-firmware-cis
linux-firmware-cavium
linux-firmware-cadence
linux-firmware-brcm
linux-firmware-bnx2x
linux-firmware-bnx2
linux-firmware-av7110
linux-firmware-atusb
linux-firmware-atmel
linux-firmware-ath9k_htc
linux-firmware-ath6k
linux-firmware-ath10k

linux-vanilla
openssh-keygen
ncurses-terminfo-base
ncurses-terminfo
ncurses-libs
libedit
openssh-client
openssh-sftp-server
openssh-server-common
openssh-server
openssh
openssl
mtools
blkid
syslinux
lua5.3-libs
vim
sudo
libacl
acl
libbsd
netcat-openbsd
dbus-libs
expat
libnih
linux-pam
popt
cgmanager
cgmanager-openrc
lz4-libs
lzo
squashfs-tools
libattr
rsync
rsync-openrc
shadow-uidmap
libseccomp
lxc-libs
lxc
lxc-openrc
libmnl
libnftnl-libs
iptables
iptables-openrc
ip6tables
ip6tables-openrc
dnsmasq
ca-certificates
tar
iproute2
libintl
libuv
lxd-libs
lxd
lxd-openrc
htop
libevent
tmux
shadow
lxc-bash-completion
lxc-doc
libgpg-error
libassuan
libffi
libmount
pcre
glib
libgcrypt
libsecret
pinentry
nghttp2-libs
libcurl
gnupg1
xz
wget
lxc-download
libaio
device-mapper-event-libs
lvm2-libs
lvm2
lvm2-openrc
libsmartcols
findmnt
libfdisk
util-linux
lxc-lvm
lxc-templates
krb5-conf
keyutils-libs
libverto
krb5-libs
libtirpc
zfs-libs
zfs
zfs-vanilla
zfs-openrc
libbz2
dpkg

It’s possible that Alpine isn’t running LXD configured in a way that the lxd group can use it.
It’s also possible that your shell isn’t currently in the lxd group despite your user being in it.

Can you show:

  • sudo ls -lh /var/lib/lxd/unix.socket
  • id
  • ps aux | grep lxd

ls -lh /var/lib/lxd/unix.socket
srw-rw---- 1 root root 0 Dec 9 04:26 /var/lib/lxd/unix.socket

uid=1000(xiyan) gid=1000(xiyan) groups=103(lxd),1000(xiyan)

I destroyed that server, so I can't reproduce the problem any more. I deployed a new server and installed LXD again, but now I get: Error: Failed to create network 'lxdbr0': Failed to run: ip link add dev lxdbr0 type bridge: RTNETLINK answers: Not supported.

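This is how I installed it. I ran everything as the root user, since I got a permission error when using sudo (most likely from the `sudo echo … >> file` lines below, where the `>>` redirection is done by my own shell rather than by sudo).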
su
vim /etc/apk/repositories
http://dl-cdn.alpinelinux.org/alpine/edge/main
http://dl-cdn.alpinelinux.org/alpine/edge/community
http://dl-cdn.alpinelinux.org/alpine/edge/testing

sudo apk update
sudo apk upgrade
sudo apk add lxd

#Enable and start the lxd service
sudo rc-update add lxd
sudo rc-service lxd start

#Configure System We’ll need to enable and start the cgroups service
sudo rc-update add cgroups
sudo rc-service cgroups start

sudo echo "session optional pam_cgfs.so -c freezer,memory,name=systemd,unified" >> /etc/pam.d/system-login

sudo echo "lxc.idmap = u 0 100000 65536" >> /etc/lxc/default.conf
sudo echo "lxc.idmap = g 0 100000 65536" >> /etc/lxc/default.conf

sudo echo "root:100000:65536" >> /etc/subuid
sudo echo "root:100000:65536" >> /etc/subgid

apk add shadow zfs
newgrp lxd

lxd init

Did anyone try lxd on alpine?

The tutorial that I followed.

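For me it worked to uncomment the following line in /etc/conf.d/lxd, so that the socket is owned by the lxd group instead of root:root as in the listing above (keep in mind that anyone in that group then has full control of LXD, which is effectively root on the host):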

# Group which owns the shared socket, used for unpriviledged containers
LXD_OPTIONS=" --group lxd"

I know it is 2022, but I came here looking for an answer, and maybe it does help someone else.


Thank you!