group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1630789] Re: normal users can't run snaps inside of LXD containers

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1630789@xxxxxxxxxxxxxxxxxx>
Date: Fri, 07 Oct 2016 05:29:59 -0000
Reply-to: Bug 1630789 <1630789@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package snapd - 2.16+16.10ubuntu1

---------------
snapd (2.16+16.10ubuntu1) yakkety; urgency=medium

  * systemd/systemd.go, systemd/systemd_test.go: Correct the mount arguments
    when mounting with squashfuse (LP: #1630789)

 -- Tyler Hicks <tyhicks@xxxxxxxxxxxxx>  Thu, 06 Oct 2016 18:49:40 +0000

** Changed in: snapd (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1630789

Title:
  normal users can't run snaps inside of LXD containers

Status in Snappy Launcher:
  Fix Committed
Status in Snappy:
  In Progress
Status in snap-confine package in Ubuntu:
  Fix Released
Status in snapd package in Ubuntu:
  Fix Released
Status in snap-confine source package in Xenial:
  Fix Committed

Bug description:
  The kernel (4.8.0-19.21), apparmor (2.10.95-4ubuntu5), and lxd
  (2.4-0ubuntu1) needed for running snaps inside of LXD containers (bug
  #1611078) have all landed in Yakkety. We should be able to install
  squashfuse and snapd 2.16+16.10 (from yakkety-proposed) and then run
  snaps inside of unprivileged LXD containers.

  I have verified that it works well for the root user inside of the
  container but there are some issues when a normal user attempts to run
  a snap command.

  # Create yakkety container named "yakkety"
  tyhicks@host:~$ lxc launch ubuntu-daily:devel yakkety
  Creating yakkety
  Starting yakkety

  # Enter the container, enable yakkety-proposed, update, install the dependencies
  tyhicks@host:~$ lxc exec yakkety bash
  root@yakkety:~# echo "deb http://archive.ubuntu.com/ubuntu/ \
  yakkety-proposed restricted main multiverse universe" > \
  /etc/apt/sources.list.d/proposed.list
  root@yakkety:~# echo -e "Package: *\nPin: release a=yakkety-proposed\n\
  Pin-Priority: 400" > /etc/apt/preferences.d/proposed-updates
  root@yakkety:~# apt-get update && apt-get dist-upgrade -y
  ...
  root@yakkety:~# apt-get install -y squashfuse snapd/yakkety-proposed
  ...

  # Rebooting the container should not be needed but is done for completeness
  root@yakkety:~# reboot
  tyhicks@host:~$ lxc exec yakkety bash

  # Install the hello-world snap
  root@yakkety:~# snap install hello-world
  hello-world (stable) 6.3 from 'canonical' installed

  # Snap commands work fine as root inside the container but not as a normal user
  root@yakkety:~# /snap/bin/hello-world.env
  SNAP_USER_COMMON=/root/snap/hello-world/common
  ...
  root@yakkety:~# su - ubuntu -c '/snap/bin/hello-world.env'
  internal error, please report: running "hello-world.env" failed: open /snap/hello-world/27/meta/snap.yaml: permission denied

  # The normal user can't access /snap/hello-world/27 because of some oddness with the
  # dentry
  root@yakkety:~# ls -al /snap/hello-world
  total 8
  drwxr-xr-x 3 root root 4096 Oct  5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct  5 21:09 ..
  drwxrwxr-x 4 root root    0 Jul 11 21:20 27
  lrwxrwxrwx 1 root root    2 Oct  5 21:09 current -> 27
  root@yakkety:~# su - ubuntu -c 'ls -al /snap/hello-world'
  ls: cannot access '/snap/hello-world/27': Permission denied
  total 8
  drwxr-xr-x 3 root root 4096 Oct  5 21:09 .
  drwxr-xr-x 5 root root 4096 Oct  5 21:09 ..
  d????????? ? ?    ?       ?            ? 27
  lrwxrwxrwx 1 root root    2 Oct  5 21:09 current -> 27

To manage notifications about this bug go to:
https://bugs.launchpad.net/snap-confine/+bug/1630789/+subscriptions