A first heads-up on a bug I just encountered with nested LXD using snap. After updating snapd to 2.59.1, something causes lxd to no longer work. The error on running containers that were updated is:
execv failed: Permission denied
And after reboot or rebuilding a fresh container it is:
The environment uses the included docker profile for the container and some manual workarounds for apparmor. I have not yet checked if these specifics impact the case.
This quick workaround on the container was confirmed to fix the situation:
sudo snap revert snapd # go back to 2.58.2
Sorry about the brevity, I will be available to provide more information tomorrow if needed.
I have diagnosed the condition to be caused by the apparmor_parser command in combination with the snapd update.
It is easily reproducible as:
lxc launch ubuntu: c1 -p default -p docker
lxc exec c1 bash # the following are inside the container
snap refresh # required until the image comes with the new snap version
apparmor_parser --add /var/lib/snapd/apparmor/profiles/snap*
lxc
I am not sure yet if that apparmor workaround itself is needed anymore. It was originally related to some further nesting problems and adapted from this source:
Thanks for posting this as it helped me out. FYI, the Snap Store no longer publishes snapd 2.58.3. That means new containers that you want to do nested LXD within will not work until you can install 2.58.3. (The revert command won't work because it's a fresh install and there is nothing to revert to.) If you have a machine that does have 2.58.3, you can grab the snap and install it manually.
Note this works for me because I am just launching another container of the same OS and same architecture on the same host. I cannot speak to how portable the snapd_.snap is…
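The "grab the snap from a working machine and install it manually" step, written out as a script. This is an added example, not a script from the thread or from LXD/snapd. It assumes the host runs lxc, that the source container (here called c0) still has the good snapd and the target container (c1) is freshly launched; both names are placeholders. It relies on two things the thread does not state: snapd keeps the installed file at /var/lib/snapd/snaps/snapd_<rev>.snap, and "snap refresh --hold" (snapd 2.58 and newer) stops the store from pulling the broken 2.59.1 back in, which is what would otherwise undo the transplant at the next auto-refresh.

```shell
#!/bin/sh
# Added example (not from the thread): copy the snapd snap still installed in a
# working container (SRC) into a freshly launched one (DST) and pin it there.
# Container names c0/c1 are hypothetical; lxc and snapd are assumed to exist.

# Print the Rev column of `snap list snapd` output passed in as text.
# Pure text processing, so it can be checked offline without snapd.
snapd_revision_from_list() {
    printf '%s\n' "$1" | awk 'NR > 1 && $1 == "snapd" { print $3; exit }'
}

# Path where snapd stores the installed .snap file for a given revision.
snapd_snap_path() {
    printf '/var/lib/snapd/snaps/snapd_%s.snap\n' "$1"
}

# Pull the snapd snap out of SRC, push it into DST, install it there and
# hold refreshes so the store cannot replace it with 2.59.1 again.
transplant_snapd() {
    src="$1"
    dst="$2"
    list_out=$(lxc exec "$src" -- snap list snapd) || return 1
    rev=$(snapd_revision_from_list "$list_out")
    if [ -z "$rev" ]; then
        echo "could not determine the snapd revision installed in $src" >&2
        return 1
    fi
    path=$(snapd_snap_path "$rev")
    # lxc file syntax is <container>/<absolute path>; $path already starts with "/".
    lxc file pull "$src$path" "./snapd_$rev.snap" || return 1
    lxc file push "./snapd_$rev.snap" "$dst/root/snapd_$rev.snap" || return 1
    # --dangerous: a file copied out of another machine carries no store assertions,
    # so snapd has to be told explicitly to accept it.
    lxc exec "$dst" -- snap install --dangerous "/root/snapd_$rev.snap" || return 1
    # Hold automatic refreshes of snapd (needs snapd >= 2.58) until upstream is fixed.
    lxc exec "$dst" -- snap refresh --hold snapd
}

# Constructed sample of `snap list snapd` output (revision number is made up),
# used only to exercise the parsing offline.
SAMPLE_LIST='Name   Version  Rev    Tracking       Publisher   Notes
snapd  2.58.3   12345  latest/stable  canonical   snapd'

# Usage on the host, once c0 (working) and c1 (fresh) exist:
#   transplant_snapd c0 c1
```

Run it on the host, not inside either container, since it drives both through lxc. Dropping the hold later is "snap refresh --unhold snapd", after which a normal "snap refresh" brings the container back onto the store's current snapd.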
This is great. I made a backup of the working snap using your trick, and now I can also deploy more containers until I get to investigate the full solution or the upstream snapd gets fixed.