group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #08130
[Bug 1630789] Re: normal users can't run snaps inside of LXD containers
This bug was fixed in the package snap-confine - 1.0.43-0ubuntu1
---------------
snap-confine (1.0.43-0ubuntu1) yakkety; urgency=medium
* New upstream release (LP: #1630479, LP: #1630492, LP: #1628612)
* debian/patches/lp1630789.patch: allow running snaps by non-root users in
LXD containers (LP: #1630789)
-- Jamie Strandboge <jamie@xxxxxxxxxx> Thu, 06 Oct 2016 12:29:59 +0000
** Changed in: snap-confine (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1630789
Title:
normal users can't run snaps inside of LXD containers
Status in Snappy Launcher:
Fix Committed
Status in Snappy:
In Progress
Status in snap-confine package in Ubuntu:
Fix Released
Status in snapd package in Ubuntu:
Triaged
Status in snap-confine source package in Xenial:
Fix Committed
Bug description:
The kernel (4.8.0-19.21), apparmor (2.10.95-4ubuntu5), and lxd
(2.4-0ubuntu1) needed for running snaps inside of LXD containers (bug
#1611078) have all landed in Yakkety. We should be able to install
squashfuse and snapd 2.16+16.10 (from yakkety-proposed) and then run
snaps inside of unprivileged LXD containers.
I have verified that it works well for the root user inside of the
container but there are some issues when a normal user attempts to run
a snap command.
# Create yakkety container named "yakkety"
tyhicks@host:~$ lxc launch ubuntu-daily:devel yakkety
Creating yakkety
Starting yakkety
# Enter the container, enable yakkety-proposed, update, install the dependencies
tyhicks@host:~$ lxc exec yakkety bash
root@yakkety:~# echo "deb http://archive.ubuntu.com/ubuntu/ \
yakkety-proposed restricted main multiverse universe" > \
/etc/apt/sources.list.d/proposed.list
root@yakkety:~# echo -e "Package: *\nPin: release a=yakkety-proposed\n\
Pin-Priority: 400" > /etc/apt/preferences.d/proposed-updates
root@yakkety:~# apt-get update && apt-get dist-upgrade -y
...
root@yakkety:~# apt-get install -y squashfuse snapd/yakkety-proposed
...
# Rebooting the container should not be needed but is done for completeness
root@yakkety:~# reboot
tyhicks@host:~$ lxc exec yakkety bash
# Install the hello-world snap
root@yakkety:~# snap install hello-world
hello-world (stable) 6.3 from 'canonical' installed
# Snap commands work fine as root inside the container but not as a normal user
root@yakkety:~# /snap/bin/hello-world.env
SNAP_USER_COMMON=/root/snap/hello-world/common
...
root@yakkety:~# su - ubuntu -c '/snap/bin/hello-world.env'
internal error, please report: running "hello-world.env" failed: open /snap/hello-world/27/meta/snap.yaml: permission denied
# The normal user can't access /snap/hello-world/27 because of some oddness with the
# dentry
root@yakkety:~# ls -al /snap/hello-world
total 8
drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
drwxrwxr-x 4 root root 0 Jul 11 21:20 27
lrwxrwxrwx 1 root root 2 Oct 5 21:09 current -> 27
root@yakkety:~# su - ubuntu -c 'ls -al /snap/hello-world'
ls: cannot access '/snap/hello-world/27': Permission denied
total 8
drwxr-xr-x 3 root root 4096 Oct 5 21:09 .
drwxr-xr-x 5 root root 4096 Oct 5 21:09 ..
d????????? ? ? ? ? ? 27
lrwxrwxrwx 1 root root 2 Oct 5 21:09 current -> 27
To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1630789/+subscriptions
