Installing ubuntu-core snap inside a LXD container fails

Stéphane Graber stephane.graber at canonical.com
Tue Jun 7 16:36:31 UTC 2016


On Wed, Jun 08, 2016 at 01:31:06AM +0900, Mark Shuttleworth wrote:
> On 07/06/16 23:14, Claudio André wrote:
> > 2016-06-07 9:37 GMT-03:00 Sujeevan (svij)
> > Vijayakumaran <svij at ubuntu.com <mailto:svij at ubuntu.com>>: 
> >
> >     > That's because snapd tickles the kernel in a way that blows[...]
> >
> >
> > That is interesting. Where I can find more about the 'tickles'? My
> > motivation:
> > - I'm seeing closed source software behaves badly, e.g, AMD software
> > prints.
> >
> >   Internal Error:  as failed
> >   Codegen phase failed compilation.
> >
> > If I know what the  'tickles' mean, I might be able to do something.  
> > Thanks.
> 
> I think it has to do with nesting kernel structures related to security
> (LXD sets those up, then snapd wants to tweak them again), but a much
> clearer answer would come from Stephane cc'd.
> 
> Mark

Hi,

Containers cannot mount squashfs file systems, or setup loop mounts or
setup apparmor profiles. All of which are required to get a snap
running.

All of the above are blocked by the kernel as unsafe to use by an
unprivileged user (which you are in a LXD container).


My team is actively working on some kernel changes and some changes to
snapd itself to allow this to work in the near future.

Stéphane

> 
> 
> >
> > 2016-06-07 8:41 GMT-03:00 Sujeevan (svij) Vijayakumaran
> > <svij at ubuntu.com <mailto:svij at ubuntu.com>>:
> >
> >     Hello!
> >
> >     I'm trying to install a snap inside a freshly created LXD container,
> >     which isn't possible:
> >
> >     -----
> >     ubuntu at snap-test:~$ sudo snap install
> >     taskwarrior_2.5.1-snap0_amd64.snap
> >     64.75 MB / 64.75 MB
> >     [========================================================================]
> >     100.00 % 5.38 MB/s
> >
> >     error: cannot perform the following tasks:
> >     - Mount snap "ubuntu-core" ([start snap-ubuntu\x2dcore-122.mount]
> >     failed
> >     with exit status 1: Job for snap-ubuntu\x2dcore-122.mount failed. See
> >     "systemctl status "snap-ubuntu\\x2dcore-122.mount"" and
> >     "journalctl -xe"
> >     for details.
> >     )
> >     ubuntu at snap-test:~$ systemctl status "snap-ubuntu\\x2dcore-122.mount"
> >     ● snap-ubuntu\x2dcore-122.mount - Squashfs mount unit for ubuntu-core
> >        Loaded: loaded (/etc/systemd/system/snap-ubuntu\x2dcore-122.mount;
> >     enabled; vendor preset: enabled)
> >        Active: failed (Result: exit-code) since Tue 2016-06-07
> >     11:32:13 UTC;
> >     16s ago
> >         Where: /snap/ubuntu-core/122
> >          What: /var/lib/snapd/snaps/ubuntu-core_122.snap
> >       Process: 8584 ExecMount=/bin/mount
> >     /var/lib/snapd/snaps/ubuntu-core_122.snap /snap/ubuntu-core/122
> >     (code=exited, status=32)
> >
> >     Jun 07 11:32:13 snap-test systemd[1]: Mounting Squashfs mount unit for
> >     ubuntu-core...
> >     Jun 07 11:32:13 snap-test mount[8584]: mount: /snap/ubuntu-core/122:
> >     mount failed: Unknown error -1
> >     Jun 07 11:32:13 snap-test systemd[1]: snap-ubuntu\x2dcore-122.mount:
> >     Mount process exited, code=exited status=32
> >     Jun 07 11:32:13 snap-test systemd[1]: Failed to mount Squashfs mount
> >     unit for ubuntu-core.
> >     Jun 07 11:32:13 snap-test systemd[1]: snap-ubuntu\x2dcore-122.mount:
> >     Unit entered failed state.
> >     ------
> >
> >     It works fine if it's not inside a LXD container. Is this an issue
> >     with
> >     LXD or with snapd or am I missing something?
> >
> >     Also: Why is there an "ugly" \x2d (which seems to be a hypen-minus) in
> >     the systemd-file rather than a "normal" minus?
> >
> >     Cheers,
> >     Sujeevan
> >
> >     --
> >     Snapcraft mailing list
> >     Snapcraft at lists.ubuntu.com <mailto:Snapcraft at lists.ubuntu.com>
> >     Modify settings or unsubscribe at:
> >     https://lists.ubuntu.com/mailman/listinfo/snapcraft
> >
> >
> >
> >
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/snapcraft/attachments/20160607/9bddf165/attachment.sig>


More information about the Snapcraft mailing list