Aug 20 12:04:14 warm-killdeer systemd[1]: Unmounting Mount unit for lxd, revision 21260...
ββ Subject: A stop job for unit snap-lxd-21260.mount has begun execution
ββ Defined-By: systemd
ββ Support: https://www.debian.org/support
ββ
ββ A stop job for unit snap-lxd-21260.mount has begun execution.
ββ
ββ The job identifier is 623.
Aug 20 12:04:14 warm-killdeer umount[7461]: umount: /snap/lxd/21260: not mounted.
Aug 20 12:04:14 warm-killdeer systemd[1]: snap-lxd-21260.mount: Mount process exited, code=exited, status=32/n/a
ββ Subject: Unit process exited
ββ Defined-By: systemd
ββ Support: https://www.debian.org/support
ββ
ββ An n/a= process belonging to unit snap-lxd-21260.mount has exited.
ββ
ββ The process' exit code is 'exited' and its exit status is 32.
Aug 20 12:04:14 warm-killdeer systemd[1]: Failed unmounting Mount unit for lxd, revision 21260.
ββ Subject: A stop job for unit snap-lxd-21260.mount has finished
ββ Defined-By: systemd
ββ Support: https://www.debian.org/support
ββ
ββ A stop job for unit snap-lxd-21260.mount has finished.
ββ
ββ The job identifier is 623 and the job result is failed.
Aug 20 12:04:14 warm-killdeer systemd[1]: snapd.service: Got notification message from PID 7460, but reception only permitted for main PID 6337
Aug 20 12:04:14 warm-killdeer snapd[6337]: taskrunner.go:271: [change 6 "Mount snap \"lxd\" (21260)" task] failed: [stop snap-lxd-21260.mount] failed with exit status 1: Job failed. See "journalctl -xe" for details.
Aug 20 12:04:14 warm-killdeer systemd[1]: Cannot find unit for notify message of PID 7463, ignoring.
Aug 20 12:04:38 warm-killdeer snapd[6337]: handlers.go:511: Reported install problem for "lxd" as c4bb44b6-01ae-11ec-a3c3-fa163e102db1 OOPSID
Yeah, this is quite confusingβ¦ I poked at it for a bit but didnβt find an obvious solution.
So far what Iβve noticed:
Debian 11 forces the use of cgroup2 in systemd. This causes the container to only get access to the bare minimal cgroup setup, no controllers are available which will most likely confused snapd (that relies on the freezer cgroup). This can be worked around with raw.lxc="lxc.init.cmd=/sbin/init systemd.unified_cgroup_hierarchy=0"
For some reason, the mount ordering is incorrect. Snapd is supposed to setup a snap.mount entry which causes /snap to be mounted over itself and then be marked as MS_SHARED|MS_REC. This does happen, but AFTER some of the snaps were already mounted. This over-mounting masks some of the entries and causes the mount errors youβre reporting.
Even when those two behave, the snap appears unable to access /run/snapd-snap.socket, getting permission denied. I couldnβt find any apparmor rejection which would explain that one. It could be another mount issue where the snap is somehow getting a different view of /run, or it could be an issue with apparmor inside of the Debian container not generating a profile which properly allows it to work.
I kinda ran out of time to investigate it at this point. Itβd be interesting to see if an older Debian release hits the same issue as well as maybe trying the Ubuntu development release to see if that also starts hitting problems, this may help pin point the rest of the issues.
I had some time to test older Debian releases namely 9 (stretch) and 10 (buster) with and without raw.lxc="lxc.init.cmd=/sbin/init systemd.unified_cgroup_hierarchy=0".
Both fail similar and are unable to snap install lxd.
Debian 9:
root@beloved-buffalo:~# snap install lxd
error: cannot perform the following tasks:
- Mount snap "core" (11606) ([start snap-core-11606.mount] failed with exit status 1: Job for snap-core-11606.mount failed.
See "systemctl status snap-core-11606.mount" and "journalctl -xe" for details.
)
root@beloved-buffalo:~# snap install lxd
error: cannot perform the following tasks:
- Mount snap "core" (11606) ([start snap-core-11606.mount] failed with exit status 1: Job for snap-core-11606.mount failed.
See "systemctl status snap-core-11606.mount" and "journalctl -xe" for details.
)
Debian 10:
root@live-crow:~# snap install lxd
error: cannot perform the following tasks:
- Mount snap "lxd" (21390) (snap "lxd" assumes unsupported features: snapd2.39 (try to update snapd and refresh the core snap))
root@live-crow:~# snap install core
error: cannot perform the following tasks:
- Setup snap "core" (11606) security profiles (cannot setup udev for snap "core": cannot reload udev rules: exit status 1
udev output:
)
- Setup snap "core" (11606) security profiles (cannot reload udev rules: exit status 1
udev output:
)
root@live-crow:~# snap install lxd
error: cannot perform the following tasks:
- Mount snap "lxd" (21390) (snap "lxd" assumes unsupported features: snapd2.39 (try to update snapd and refresh the core snap))
So my best guess is this never worked and is a general issue with snap inside a debian lxd container.