For some background, I’m running software inside containers; inside each container is a daemon which accepts connections via a UNIX socket located at /var/run/crated.sock. The daemon runs as root, spawning and managing child processes.
This worked fine with the configuration like so without issues:
crated:
  connect: unix:/var/run/crated.sock
  gid: "1000"
  listen: unix:/var/lib/battlecrate-depot/daemons/inst1-crated.sock
  type: proxy
  uid: "1000"
I’ve noticed, however, that my new install of LXD is returning an end of stream when attempting to connect with the host-side UNIX socket. The proxy log looks like this:
Warning: Failed to connect to target: dial unix /var/run/crated.sock: connect: permission denied
Warning: Failed to prepare new listener instance: dial unix /var/run/crated.sock: connect: permission denied
I thought it might be a permissions error on the container side, but even setting the permissions to 777 didn’t seem to resolve the problem.
srwxrwxrwx 1 root root 0 Oct 14 22:22 crated.sock
Looking around, I can’t seem to find any information on what to try next here; some posts recently indicate it might be AppArmor tightening some poor security on my part. If I connect with socat inside the container, the Unix socket is working fine. Any ideas? Thanks.