Install snap package into lxd container?


(Giorgos) #1

Hello, I have a server with multiple lxds, is it possible to install a snap package inside a container?
Ubuntu 16.04.2
kernel 4.8.14-apparmor-2
lxd --version 2.0.9


(Stéphane Graber) #2

It is, but you should update your LXD to 2.0.10 (currently in updates) and you'll have to make sure to install the "squashfuse" package in your container to get things working.

I'm also not recognizing that particular kernel, so it's possible that your kernel may lack some of the apparmor nesting support that's needed to get this to work. The original Ubuntu 4.4.0 kernel from Ubuntu 16.04 does support what's needed (we backported the needed bits).


(Dustin Krysak) #3

Sorry - just popping in on this. I’m building snaps in an LXD container. When I try to do so, it states that it needs the “core” snap. That’s all good.

So when I try to install said snap, I am getting:

# snap install core
error: cannot perform the following tasks:
- Setup snap "core" (4110) security profiles (cannot setup udev for snap "core": cannot reload udev rules: exit status 2
udev output:
)
- Setup snap "core" (4110) security profiles (cannot reload udev rules: exit status 2
udev output:
)

Now the way I set this up is that (so snapcraft and squashfuse are installed on creation):

  • created a “snapcraft” LXD profile
config:
  user.user-data: |
    #cloud-config
    packages: [snapcraft, fish, squashfuse]
description: Default Snapcraft LXD profile
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: snapcraft
  • Then I am creating a container with:
lxc launch ubuntu:16.04 [NAME] --profile snapcraft -c security.privileged=true -c security.nesting=true && lxc config device add [NAME] homedir disk source=/path/to/snap/proj path=/root/proj
  • Then I am simply jumping into the container with lxc exec [NAME] -- bash
  • cd proj && snapcraft
  • Then I get the error.

Software versions:

Host

$ lxd --version
2.21
$ snap --version
snap    2.31.1
snapd   2.31.1
series  16
ubuntu  17.10
kernel  4.13.0-36-generic
$ snapcraft --version
snapcraft, version 2.39.2

In container:

# snapcraft --version
snapcraft, version 2.39.3+really2.35
# squashfuse --version
FUSE library version: 2.9.4
squashfuse 0.1.100 (c) 2012 Dave Vasilevsky
# snap --version
snap    2.29.4.2
snapd   2.29.4.2
series  16
ubuntu  16.04
kernel  4.13.0-36-generic

So I must be missing something… pointers?


(Stéphane Graber) #4

There’s something weird going on with the core snap inside privileged containers, usually installing it twice in a row makes it work, did you try that? :slight_smile:

Anyway, we could certainly do with a bug against snapd for this as it’s been a somewhat recurring issue for a while now.


(Dustin Krysak) #5

Hi there. I had just tried a single install. That did work after multiple install attempts.

I have created the bug as requested. Please see here: https://github.com/lxc/lxd/issues/4308

Thanks for the assist!