This is cool - running snaps in LXD unprivileged containers

Maybe this is only news to me but I just learned that you can easily run SNAPs in LXD unprivileged containers.

I wanted to run NextCloud in an LXD container. Thought I’d try it with the NextCloud SNAP since it’s the current version.

$ lxc launch ubuntu: nextcloud

$ lxc exec nextcloud bash

now while logged into the nextcloud container as root update/upgrade

root@nextcloud:~# apt update && apt upgrade -y

important: install squashfuse

root@nextcloud:~# apt install squashfuse

install SNAP

root@nextcloud:~# apt install snap

finally install the NextCloud Snap

root@nextcloud:~# snap install nextcloud

when that’s done start your Host’s browser and point it to the IP address of the nextcloud container

The 1st login to NextCloud creates the Admin Account.

After that you are all set.

Anyway I thought this was cool :)

It opens up the possibility of running many/most of the currently available SNAPs in LXD containers really easily:

https://uappexplorer.com/snaps

4 Likes

What is missing, is people writing about this. Therefore, it was great you posted it.

The package should be squashfuse instead. At least, that’s the name for the Ubuntu 16.04 cloud image.
Ideally, this package should be preinstalled in the Ubuntu cloud image.

Another difference between snaps on host and snaps on an LXD unprivileged container, is that now you need to sudo snap install (that is, add sudo when you do not need sudo on the host).

1 Like

on ubuntu 18.04 container: install squashfuse with fuse “sudo apt install squashfuse fuse”, install snapd instead of snap “apt install snapd”. everything else fine.

1 Like

Thank you for this! - I have one question though - I now have this working but I can only access the NextCloud instance on the laptop I installed it on - How do I get at it from (for example) the phone app (even if it’s just on the same WiFi as the host)? What settings do I need to put in? Do I need to do something on my wifi router? - Thanks again for the post, it’s exactly what I was looking for.

Hi Richard!

To expose the nextcloud instance to the LAN, there are a few options.
In your case with WLAN (WiFi LAN), you can use an LXD proxy device to expose port 80 of the nextcloud instance on port 80 of the host. Let’s assume that the container is called “mynextcloud”.
Then, run on the host:

lxc config device add mynextcloud port80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

This command will listen for connections on the host at port 80, and then proxy them to the container mynextcloud to port 80.

Thank you!! I’ll give this a try. Do I need to set listen=tcp:0.0.0.0:80 to my NextCloud container IP or do I just copy the whole thing replacing the container name only?

Only container name needs changing, 0.0.0.0:80 will cause all addresses on your host to be listened on, 127.0.0.1:80 is the target address in the container on which nextcloud should already be listening.

Sorry for the late reply. Thank you so much for all your help - it’s all up and running :)

Hi,
I want to install the latest LXD in an Ubuntu container from snap.
I have LXD on Ubuntu 18.04 but I am getting an error with apparmor.

error: system does not fully support snapd: apparmor detected but insufficient permissions to use it

I tried to set the apparmor profile but it doesn’t help.

security.nesting: "true"
raw.lxc: lxc.apparmor.profile=uncofined

Hi,
I found how to fix this from another post.
Just use mount -t tmpfs tmpfs /sys/kernel/security/ and service snapd restart.
After that snap is working.

1 Like
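
A host-side check for the settings this thread touches: a proxy device listening on 0.0.0.0, and relaxed confinement (security.privileged, security.nesting, an unconfined AppArmor profile in raw.lxc). This is an added example, not code from any poster or from the LXD project; it assumes the JSON shape printed by `lxc list --format json`, and the sample instances and the `audit`/`listen_host` helpers are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample shaped like `lxc list --format json` (only the fields used here).
SAMPLE = json.dumps([
    {"name": "mynextcloud", "expanded_config": {},
     "expanded_devices": {
         "port80": {"type": "proxy", "listen": "tcp:0.0.0.0:80",
                    "connect": "tcp:127.0.0.1:80"}}},
    {"name": "nested",
     "expanded_config": {"security.nesting": "true",
                         "raw.lxc": "lxc.apparmor.profile=unconfined"},
     "expanded_devices": {
         "web": {"type": "proxy", "listen": "tcp:192.168.1.10:8080",
                 "connect": "tcp:127.0.0.1:80"}}},
])

UNCONFINED = re.compile(r"lxc\.apparmor\.profile\s*=\s*unconfined\b")

def listen_host(listen):
    """Return the address part of a proxy 'listen' value such as tcp:[::]:80."""
    _proto, rest = listen.split(":", 1)
    host, _, _port = rest.rpartition(":")
    return host.strip("[]")

def audit(instances_json):
    """Yield (instance, finding) for exposure and confinement settings."""
    for inst in json.loads(instances_json):
        name = inst["name"]
        cfg = inst.get("expanded_config") or {}
        for dev, d in (inst.get("expanded_devices") or {}).items():
            if d.get("type") != "proxy" or "listen" not in d:
                continue
            host = listen_host(d["listen"])
            try:
                if ipaddress.ip_address(host).is_unspecified:
                    yield name, f"proxy {dev} listens on all host addresses ({d['listen']})"
            except ValueError:
                pass  # unix: socket paths and similar are not IP listeners
        for key in ("security.privileged", "security.nesting"):
            if cfg.get(key) == "true":
                yield name, f"{key} is enabled"
        if UNCONFINED.search(cfg.get("raw.lxc", "")):
            yield name, "raw.lxc disables the AppArmor profile"

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On a real host, pass the output of `lxc list --format json` to `audit` in place of `SAMPLE`; a proxy bound to one LAN address, like the `web` device in the sample, is not reported.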

important: install squashfuse

May I ask why? I did NOT install squashfuse. Looks like everything is still working.

Hi!

That was an old post, probably targeting Ubuntu 18.04.
Are you trying with Ubuntu 20.04?

I packaged squashfuse and did the snapd integration so all this would work quite a few years ago. Since then, snapd has actually been changed to include its own build of squashfuse as snapfuse, making this step no longer necessary.

Yes. I am using 20.04.
When I installed squashfuse, I saw it always running and using lots of CPU.
After I removed it, I saw “snapfuse” running and CPU usage is much better.