"lxd/unix.socket: connect: permission denied" until I sudo

LXD
1

Hi,

I have a problem for some time, can’t tell since what time, as I barely used lxd on the computer until now, so, for some time,lxc list will result in an error:

❯ lxc list
Error: Get “http://unix.socket/1.0”: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: permission denied

Then, if I just sudo lxc list once, then lxc as my main user (not sudo) will work for the rest of the session.
After each reboot, I have to sudo once to overcome this permission error.

I have no idea where to look for… any idea ?

Thanks
Franck

2

What LXD version is this? lxc info?

3

Is your user a member of the lxd group?

4 
❯  lxc info
Error: Get "http://unix.socket/1.0": dial unix /var/snap/lxd/common/lxd/unix.socket: connect: permission denied

After a sudo, it works…

So…

❯  lxc version
Client version: 5.11
Server version: 5.11

❯  groups
franck adm cdrom sudo dip plugdev lpadmin lxd sambashare

And I am part of lxd group.

5

Also, here is what syslog shows:

❯ lxc list
Error: Get “http://unix.socket/1.0”: dial unix /var/snap/lxd/common/lxd/unix.socket: connect: permission denied

syslog says:

Mar 21 13:53:45 tibook systemd[6899]: Started snap.lxd.lxc.24ada696-7119-4568-a645-5b5290d5b5e5.scope.

❯ sudo lxc list
[Success… shows my containers]

syslog says:

Mar 21 13:54:04 tibook systemd[1]: Started snap.lxd.lxc.5b3d7244-295c-40ed-b5d8-e200b4668506.scope.
Mar 21 13:54:04 tibook kernel: [ 110.244771] audit: type=1400 audit(1679403244.431:168): apparmor=“DENIED” operation=“capable” class=“cap” profile=“sn
ap.lxd.lxc” pid=29629 comm=“lxc” capability=2 capname=“dac_read_search”
Mar 21 13:54:04 tibook kernel: [ 110.244774] audit: type=1400 audit(1679403244.431:169): apparmor=“DENIED” operation=“capable” class=“cap” profile=“sn
ap.lxd.lxc” pid=29629 comm=“lxc” capability=1 capname=“dac_override”
Mar 21 13:54:04 tibook lxd.daemon[29832]: Running constructor lxcfs_init to reload liblxcfs
Mar 21 13:54:09 tibook systemd[1]: snap.lxd.lxc.5b3d7244-295c-40ed-b5d8-e200b4668506.scope: Deactivated successfully.