--preseed stdin handling

l33tname · January 5, 2023, 3:35pm

Why can lxd not read from stdin?

root@vast-oyster:~# /snap/bin/lxd init --preseed < config.yml 
Error: Failed to read from stdin: read /dev/stdin: permission denied

While cat does the right thing (config content abbreviated)

root@vast-oyster:~# cat < config.yml 
config: {}

and this works as well:

root@vast-oyster:~# cat config.yml | /snap/bin/lxd init --preseed

Is that a bug or intended behavior?
Reason to use the first on is that shellchecker correctly complains about useless cat usage.
(ShellCheck: SC2002 – Useless cat. Consider `cmd < file | ..` or `cmd file | ..` instead.)

stgraber · January 5, 2023, 7:41pm

It’s a snapd bug/issue.

Basically /snap/bin/lxd init --preseed < config.yml means that lxd through snap-confine must have access to config.yml so it can be read. This file is probably somewhere that snap-confine isn’t allowed to read from, causing the issue. You should be able to confirm that by looking for DENIED entries in dmesg.

cat config.yml | lxd init --pressed achieves the same, but in this case, cat on the host (unconfined) reads the file and then passes it through a PIPE to /dev/stdin of lxd. snap-confine is allowed to read from /dev/stdin, so this works properly.