Hi all! I’ve just installed Incus 6.2 for testing on an Ubuntu 24.04 server and I’m facing the following error when trying to run snaps inside a container:
pachulo@server:~$ incus launch images:ubuntu/24.04 test-snaps
pachulo@server:~$ incus exec test-snaps -- su --login ubuntu
ubuntu@test-snaps:~$ sudo apt install snapd
ubuntu@test-snaps:~$ sudo snap install hello-world
ubuntu@test-snaps:~$ hello-world
cannot perform operation: mount -t devpts --make-slave --make-private -o acl,relatime,kernmount,iversion,active,nouser,0xffffffff00000000 devpts /dev/pts: Permission denied
What am I doing wrong?
Thanks!
stgraber
July 1, 2024, 5:31pm
2
Hmm, try security.nesting=true on the container, that will most likely sort that one out.
pachulo
July 1, 2024, 11:01pm
3
It did the trick, thanks a lot!
I will ask on their forums, to try to understand why is now needed.
Hello,
stgraber
July 9, 2024, 6:59pm
5
Note that we’ve got Allow devpts mounts by stgraber · Pull Request #977 · lxc/incus · GitHub which will be in Incus 6.3 and may help with this too. Apparently AppArmor on Ubuntu 24.04 started flagging things that didn’t use to be flagged.
pachulo
July 13, 2024, 8:23pm
6
I just wanted to confirm that with the Incus update to 6.3, snaps now work on containers without security.nesting=true! Thanks a lot @stgraber !
3 Likes