We got the same output, so it does not look like a snap core issue.
You can get a shell as the lxd snap, then go and run lxc directly.
snap run --shell lxd
cd /snap/lxd/current/
./command-lxc.wrapper list
With that command, I get my list of the containers. You probably get that error on aa-exec.
Here is the code that invokes aa-exec (in /snap/lxd/current/commands/lxc):
# Re-exec outside of apparmor confinement
if [ -d /sys/kernel/security/apparmor ] && [ "$(cat /proc/self/attr/current)" != "unconfined" ]; then
exec aa-exec -p unconfined -- "$0" "$@"
fi
Let’s run aa-exec directly, the one from the core image of snap:
bash-4.3$ /snap/core/current/usr/sbin/aa-exec
bash: /snap/core/current/usr/sbin/aa-exec: Permission denied
Weird. I also get Permission denied on the aa-exec of the Ubuntu Core.
Let’s run aa-exec as is. It works for me. Weirdly, it says that it’s in /usr/sbin/aa-exec.
bash-4.3$ aa-exec
USAGE: aa-exec [OPTIONS] <prog> <args>
Confine <prog> with the specified PROFILE.
OPTIONS:
-p PROFILE, --profile=PROFILE PROFILE to confine <prog> with
-n NAMESPACE, --namespace=NAMESPACE NAMESPACE to confine <prog> in
-d, --debug show messages with debugging information
-i, --immediate change profile immediately instead of at exec
-v, --verbose show messages with stats
-h, --help display this help
bash-4.3$ which aa-exec
/usr/sbin/aa-exec
But, earlier, I ran (as root, in a different terminal) the command sudo mv /usr/sbin/aa-exec /usr/sbin/aa-exec.stashed-away. What gives?
Let’s compare the two aa-exec files!
Strange, it can still find the aa-exec even if I renamed it. Perhaps it has somewhat opened it or something?
But it cannot find the /usr/sbin/aa-exec.stashed-away.
bash-4.3$ ls -l /usr/sbin/aa-exec
-rwxr-xr-x 1 0 0 22696 Feb 21 13:36 /usr/sbin/aa-exec
bash-4.3$ ls -l /usr/sbin/aa-exec.stashed-away
ls: cannot access '/usr/sbin/aa-exec.stashed-away': No such file or directory
bash-4.3$
Okay, so the /usr/sbin/aa-exec we are seeing as a lxd snap user, is not the system’s /usr/sbin/aa-exec. It is likely the one in the core image:
bash-4.3$ ls -l /snap/core/current/usr/sbin/aa-exec
-rwxr-xr-x 1 0 0 22696 Feb 21 13:36 /snap/core/current/usr/sbin/aa-exec
bash-4.3$
It looks like there is some chroot-style magic when you do the snap run --shell lxd, which makes /snap/core/current/ the new root directory.
Something is not working properly in your case, hence the issue.
Which distro are you running?
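The checks made by hand in the post above can be collected into one script. This is an added example, not part of the original post and not LXD or snapd code; the function names are hypothetical, and it assumes a POSIX shell whose `test` supports `-ef`.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of LXD or snapd.
# Run inside `snap run --shell lxd` and again on the host, then compare.

# AppArmor label from an attr file, with any " (mode)" suffix removed.
aa_label() {
    attr="${1:-/proc/self/attr/current}"
    if [ ! -r "$attr" ]; then echo "unknown"; return 1; fi
    sed -e 's/ (.*)$//' "$attr" 2>/dev/null | head -n 1
}

# Same condition as the wrapper in /snap/lxd/current/commands/lxc:
# returns 0 when that wrapper would re-exec through aa-exec.
would_reexec() {
    secfs="${1:-/sys/kernel/security/apparmor}"
    attr="${2:-/proc/self/attr/current}"
    [ -d "$secfs" ] && [ "$(cat "$attr" 2>/dev/null)" != "unconfined" ]
}

# Do two paths name the same file (same device and inode, symlinks followed)?
# Equal size and date in `ls -l` only suggest it; -ef confirms it.
relation() {
    if [ ! -e "$1" ] || [ ! -e "$2" ]; then echo "missing"
    elif [ "$1" -ef "$2" ]; then echo "same-file"
    else echo "different-file"; fi
}

report() {
    found="$(command -v aa-exec || true)"
    echo "label:        $(aa_label || true)"
    if would_reexec; then echo "wrapper:      would re-exec via aa-exec"
    else echo "wrapper:      would not re-exec"; fi
    echo "aa-exec:      ${found:-not on PATH}"
    if [ -n "$found" ]; then
        echo "vs core snap: $(relation "$found" /snap/core/current/usr/sbin/aa-exec)"
        if [ ! -x "$found" ]; then echo "note: $found is not executable here"; fi
    fi
}

report
```

Differences between the report from the snap shell and the one from the host show which root filesystem and which AppArmor label each shell is running under.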