Ubuntu Security is working on AppArmor changes to allow, among other
things, snap-confine to load AppArmor profiles inside of LXD containers.

** Summary changed:

- could not install hello-world snap in lxd container
+ Support snaps inside of lxd containers

** Changed in: apparmor (Ubuntu)
Status: Triaged => In Progress

** Also affects: lxd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

I believe that LXD changes will be needed, as well. I'll let Stéphane
set the status and importance as he sees fit.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Yeah, LXD will need updating but we're already tracking this work and
actually have it all ready to merge as soon as your team delivers a
working kernel.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

We can't merge it before then as there's currently no way for us to
detect a broken kernel vs a good kernel, so merging this work would
effectively break all LXD users on a kernel that pretends to support
namespacing and stacking, such as the 16.04 release kernel.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: lxd (Ubuntu)
Status: New => In Progress

** Changed in: lxd (Ubuntu)
Importance: Undecided => Critical

** Changed in: lxd (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: lxd (Ubuntu)
Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: snappy
Status: New => Fix Committed

** Changed in: snappy
Assignee: (unassigned) => Stéphane Graber (stgraber)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Bug watch added: LXD bug tracker #1942
https://github.com/lxc/lxd/issues/1942

** Also affects: lxd via
https://github.com/lxc/lxd/issues/1942
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

** Tags added: nova-lxd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New

** Changed in: linux (Ubuntu)
Importance: Undecided => Critical

** Changed in: linux (Ubuntu)
Status: New => In Progress

** Changed in: linux (Ubuntu)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

John has gotten all of the AppArmor kernel changes merged into the
Yakkety kernel and my apparmor userspace upload is making its way
through the autopkgtests.

** Changed in: apparmor (Ubuntu)
Status: In Progress => Fix Committed

** Changed in: apparmor (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

apparmor 2.10.95-4ubuntu5 has landed in Yakkety.

** Changed in: apparmor (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/lxd/+bug/1611078/+subscriptions

** Changed in: lxd (Ubuntu)
Status: Fix Committed => Fix Released

** No longer affects: lxd
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

This bug was fixed in the package linux - 4.8.0-19.21

---------------
linux (4.8.0-19.21) yakkety; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1629057

* 4.8.0 kernels do not complete boot process on VM (LP: #1627198)
- [Config] CONFIG_HARDENED_USERCOPY_PAGESPAN=n

* mount-image-callback cannot mount partitioned disk image (LP: #1628336)
- SAUCE: nbd: Only delay uevent until connected

* Support snaps inside of lxd containers (LP: #1611078)
- apparmor: add interface to be able to grab loaded policy
- securityfs: update interface to allow inode_ops, and setup from vfs fns
- apparmor: refactor aa_prepare_ns into prepare_ns and create_ns routines
- apparmor: add __aa_find_ns fn
- apparmor: add mkdir/rmdir interface to manage policy namespaces
- apparmor: fix oops in pivot_root mediation
- apparmor: fix warning that fn build_pivotroot discards const
- apparmor: add interface to advertise status of current task stacking
- apparmor: update policy permissions to consider ns being viewed/managed
- apparmor: add per ns policy management interface
- apparmor: bump domain stacking version to 1.2

* linux-image-extra-4.8.0-17-generic does not provide many sound card modules
(LP: #1628523)
- [Config] CONFIG_ZONE_DMA=y for generic

* Yakkety - disable ARCH_ZX (LP: #1628503)
- [Config] armhf: disable ARCH_ZX

* Enable switchdev config parameter for Yakkety (LP: #1628241)
- [Config] CONFIG_NET_SWITCHDEV=y for amd64/arm64

* Ubuntu 16.10 kernel v4.8: Installation failing on Habanero with Shiner card
(LP: #1628009)
- firmware: Update bnx2x to 7.13.1.0

* vNIC driver missing in 4.8 kernel package (LP: #1628187)
- [Config] Enable CONFIG_IBMVNIC=m

* Yakkety - armhf: MFD_TPS65217 and REGULATOR_TPS65217 are boot essential
(LP: #1628112)
- [Config] armhf: MFD_TPS65217=y && REGULATOR_TPS65217=y

* Miscellaneous Ubuntu changes
- Rebase to v4.8-rc8
- [Config] skip Ubuntu-4.8.0-18.20
- [Config] missing modules in armhf/s390x

* Miscellaneous Ubuntu changes
- rebase to v4.8-rc8

-- Leann Ogasawara <***@canonical.com> Sun, 25 Sep 2016
12:13:35 -0700

** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Marking this bug fix released as all the bits we wanted done here have
been done.

We still have a separate bug open for the dependency on squashfuse and
its SRU to xenial.

** Changed in: snappy
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Also affects: apparmor (Ubuntu Xenial)
Importance: Undecided
Status: New

** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New

** Also affects: lxd (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: linux (Ubuntu Xenial)
Importance: Undecided => Critical

** Changed in: linux (Ubuntu Xenial)
Assignee: (unassigned) => John Johansen (jjohansen)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: lxd (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Also affects: apparmor (Ubuntu Yakkety)
Importance: Critical
Assignee: Tyler Hicks (tyhicks)
Status: Fix Released

** Also affects: linux (Ubuntu Yakkety)
Importance: Critical
Assignee: John Johansen (jjohansen)
Status: Fix Released

** Also affects: lxd (Ubuntu Yakkety)
Importance: Critical
Assignee: Stéphane Graber (stgraber)
Status: Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

The fix only for Yakkety? I still have the same error on Xenial with
proposed enabled.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

NVM, I will download and compile the kernel and test it this week. Let
see how it go.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apparmor (Ubuntu Xenial)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

I tested using latest xenial proposed kernel with latest apparmor utils.
The problem still there.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Tags removed: verification-needed-xenial
** Tags added: verification-failed-xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Based on feedback from @jjohansen there will be follow-up patches to fix
the problems, but the patches already applied should be kept and do not
need to be reverted.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

note: that for xenial there are several pieces that must land as
different SRUs. Just using the xenial SRU kernel is not sufficient.
There is an apparmor userspace SRU that is required, and squashfuse sru
...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

This bug was fixed in the package linux - 4.4.0-47.68

---------------
linux (4.4.0-47.68) xenial; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
- LP: #1636941

* Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
- lib/bitmap.c: conversion routines to/from u32 array
- net: ethtool: add new ETHTOOL_xLINKSETTINGS API
- net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
- [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

* unexpectedly large memory usage of mounted snaps (LP: #1636847)
- [Config] switch squashfs to single threaded decode

-- Kamal Mostafa <***@canonical.com> Wed, 26 Oct 2016 10:47:55 -0700

** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released

** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

This bug was fixed in the package linux - 4.4.0-47.68

---------------
linux (4.4.0-47.68) xenial; urgency=low

[ Kamal Mostafa ]

* Release Tracking Bug
- LP: #1636941

* Add a driver for Amazon Elastic Network Adapters (ENA) (LP: #1635721)
- lib/bitmap.c: conversion routines to/from u32 array
- net: ethtool: add new ETHTOOL_xLINKSETTINGS API
- net: ena: Add a driver for Amazon Elastic Network Adapters (ENA)
- [config] enable CONFIG_ENA_ETHERNET=m (Amazon ENA driver)

* unexpectedly large memory usage of mounted snaps (LP: #1636847)
- [Config] switch squashfs to single threaded decode

-- Kamal Mostafa <***@canonical.com> Wed, 26 Oct 2016 10:47:55 -0700
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Xenial's apparmor was fixed with package version 2.10.95-0ubuntu2.5

** Changed in: apparmor (Ubuntu Xenial)
Importance: Undecided => Critical

** Changed in: apparmor (Ubuntu Xenial)
Status: Confirmed => Fix Released

** Changed in: apparmor (Ubuntu Xenial)
Assignee: (unassigned) => Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Is this supposed to work on Yakkety now? I've just tried, and it fails
in the same way for me. I'm using:

lxd 2.6.2-0ubuntu1~ubuntu16.10.1~ppa1
lxd-client 2.6.2-0ubuntu1~ubuntu16.10.1~ppa1
apparmor 2.10.95-4ubuntu5.1
snapd 2.17.1+16.10

Linux 4.8.0-28-generic x86_64
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Did you install squashfuse in your container?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Thanks, that was the missing link. Works after installing squashfuse.

For anyone else wondering, instructions are in the description of
lp:1630789.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Testing on Xenial with 4.8 Ubuntu kernel.

In container,
***@test:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial


***@test:~$ dpkg -l | grep -i 'apparmor\|snap\|squash'
ii apparmor 2.10.95-0ubuntu2.5 amd64 user-space parser utility for AppArmor
ii libapparmor-perl 2.10.95-0ubuntu2.5 amd64 AppArmor library Perl bindings
ii libapparmor1:amd64 2.10.95-0ubuntu2.5 amd64 changehat AppArmor library
ii snap-confine 2.20.1ubuntu1 amd64 Support executable to apply confinement for snappy apps
ii snapd 2.20.1ubuntu1 amd64 Tool to interact with Ubuntu Core Snappy.
ii squashfs-tools 1:4.3-3ubuntu2 amd64 Tool to create and append to squashfs filesystems
ii squashfuse 0.1.100-0ubuntu1~ubuntu16.04.1 amd64 FUSE filesystem to mount squashfs archives
ii ubuntu-core-launcher 2.20.1ubuntu1 amd64 Launcher for ubuntu-core (snappy) apps


sudo snap install hello-world
error: cannot perform the following tasks:
- Setup snap "core" (714) security profiles (cannot setup udev for snap "core": cannot reload udev rules: exit status 2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

I can confirm this works on xenial after installing squashfuse.

***@clean-lark:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.1 LTS
Release: 16.04
Codename: xenial
***@clean-lark:~# uname -a
Linux clean-lark 4.4.0-63-generic #84-Ubuntu SMP Wed Feb 1 17:20:32 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
***@clean-lark:~# dpkg -l | grep -i 'apparmor\|snap\|squash'
ii apparmor 2.10.95-0ubuntu2.5 amd64 user-space parser utility for AppArmor
ii libapparmor-perl 2.10.95-0ubuntu2.5 amd64 AppArmor library Perl bindings
ii libapparmor1:amd64 2.10.95-0ubuntu2.5 amd64 changehat AppArmor library
ii snap-confine 2.21 amd64 Support executable to apply confinement for snappy apps
ii snapd 2.21 amd64 Tool to interact with Ubuntu Core Snappy.
ii squashfs-tools 1:4.3-3ubuntu2 amd64 Tool to create and append to squashfs filesystems
ii ubuntu-core-launcher 2.21 amd64 Launcher for ubuntu-core (snappy) apps
***@clean-lark:~# snap list
Name Version Rev Developer Notes
core 16.04.1 888 canonical -
hello-world 6.3 27 canonical -
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

The latest version of xenial kernel, apparmor , lxd are now have the
fixes to run snap in lxd container. If it fail, please try to install
squashfuse or disable privileged mode.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Is there a regression here? Launching a Yakkety 16.10 LXD container
fails to install the core snap, fusermount cannot do its magic:

***@e:~# snap install core
error: cannot perform the following tasks:
- Mount snap "core" (1577) ([start snap-core-1577.mount] failed with exit status 1: Job for snap-core-1577.mount failed.
See "systemctl status snap-core-1577.mount" and "journalctl -xe" for details.
)

● snap-core-1577.mount - Mount unit for core
Loaded: loaded (/etc/systemd/system/snap-core-1577.mount; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2017-04-05 15:42:15 UTC; 20s ago
Where: /snap/core/1577
What: /var/lib/snapd/snaps/core_1577.snap
Process: 605 ExecMount=/bin/mount /var/lib/snapd/snaps/core_1577.snap /snap/core/1577 -t fuse.squashfuse -o ro,allow_other (code=exited, status=1/FA

Apr 05 15:42:15 e systemd[1]: Mounting Mount unit for core...
Apr 05 15:42:15 e mount[605]: fusermount: mount failed: Operation not permitted
Apr 05 15:42:15 e systemd[1]: snap-core-1577.mount: Mount process exited, code=exited status=1
Apr 05 15:42:15 e systemd[1]: Failed to mount Mount unit for core.
Apr 05 15:42:15 e systemd[1]: snap-core-1577.mount: Unit entered failed state.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

And in some cases squashfuse may not have the proper dep of fuse. And
you may need to manually:

apt install fuse # in addition to squashfuse

<stgraber> looks like squashfuse is missing a dependency on "fuse"
<stgraber> which is part of the official Ubuntu images but not in the community images
<stgraber> so if you use "lxc launch ubuntu:16.04" it'll work (after you install squashfuse)
<stgraber> but if you use "images:ubuntu/xenial" you'll need to install "fuse" and "squashfuse"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Latest snap-confine seem break the lxd snap function. It used to work
until recent update.

snap-confine 2.22.6
lxd 2.12-0ubuntu3~ubuntu16.04.1~ppa1
linux-image-4.4.0-72-generic 4.4.0-72.93

Apr 18 15:33:22 snapbox audit[15919]: AVC apparmor="DENIED" operation="file_inherit" namespace="root//lxd-devbox_<var-lib-lxd>" profile="/usr/lib/snapd/snap-confine" name="/dev/tty" pid=15919 comm="snap-confine" requested_mask="wr" denied_mask="wr" fsuid=265536 ouid=0
Apr 18 15:33:22 snapbox audit[15919]: SYSCALL arch=c000003e syscall=59 success=yes exit=0 a0=c820161b00 a1=c820194150 a2=c82008bb20 a3=0 items=2 ppid=15917 pid=15919 auid=4294967295 uid=265536 gid=265536 euid=265536 suid=265536 fsuid=265536 egid=265536 sgid=265536 fsgid=265536 tty=(none) ses=4294967295 comm="snap-confine" exe="/usr/lib/snapd/snap-confine" key=(null)
Apr 18 15:33:22 snapbox audit: BPRM_FCAPS fver=0 fp=0000000000000000 fi=0000000000000000 fe=0 old_pp=0000003ffdfcffff old_pi=0000000000000000 old_pe=0000003ffdfcffff new_pp=0000003ffdfcffff new_pi=0000000000000000 new_pe=0000003ffdfcffff
Apr 18 15:33:22 snapbox audit: EXECVE argc=4 a0="/usr/lib/snapd/snap-confine" a1="snap.hello-world.hello-world" a2="/usr/lib/snapd/snap-exec" a3="hello-world"
Apr 18 15:33:22 snapbox audit: CWD cwd="/home/ubuntu"
Apr 18 15:33:22 snapbox audit: PATH item=0 name="/usr/lib/snapd/snap-confine" inode=27527378 dev=08:02 mode=0104755 ouid=265536 ogid=265536 rdev=00:00 nametype=NORMAL
Apr 18 15:33:22 snapbox audit: PATH item=1 name="/lib64/ld-linux-x86-64.so.2" inode=19678033 dev=08:02 mode=0100755 ouid=265536 ogid=265536 rdev=00:00 nametype=NORMAL
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

I notice container upgrade from 14.04 to 16.04 do not have /lib/modules
directory. It caused snap install error when /lib/modules do not exist
in the container.

- Run configure hook of "core" snap if present (run hook "configure":
cannot perform operation: mount --rbind /lib/modules
/tmp/snap.rootfs_5c56PD//lib/modules: No such file or directory)

solution: mkdir /lib/modules

proposed solution: create /lib/modules when lxd container detected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

No, the solution is that snapd shouldn't assume that /lib/modules exist
and just not attempt to bind-mount it if it's missing.

Systems that don't have kernels installed (like containers) shouldn't
have /lib/modules at all.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

** Changed in: lxd (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

I am still unable to run snaps inside lxd containers. I've just tested
on an Ubuntu 16.04.3 LTS host:

$ uname -a
Linux hp 4.10.0-33-generic #37~16.04.1-Ubuntu SMP Fri Aug 11 14:07:24 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
$ lxc version
2.0.10
$ lxc launch ubuntu:16.04 test
Creating test
Starting test
$ lxc exec test -- apt update
<redacted for readability>
$ lxc exec test -- apt dist-upgrade -y
<redacted for readability>
$ lxc exec test -- apt install squashfuse -y
<redacted for readability>
$ lxc exec test -- snap install hello
error: cannot communicate with server: Post http://localhost/v2/snaps/hello: dial unix /run/snapd.socket: connect: connection refused
$ lxc exec test -- systemctl status snapd
● snapd.service - Snappy daemon
Loaded: loaded (/lib/systemd/system/snapd.service; enabled; vendor preset: enabled)
Active: inactive (dead) (Result: exit-code) since Wed 2017-08-30 22:39:39 UTC; 35s ago
Main PID: 2017 (code=exited, status=201/NICE)

Aug 30 22:39:39 test systemd[1]: snapd.service: Unit entered failed state.
Aug 30 22:39:39 test systemd[1]: snapd.service: Failed with result 'exit-code'.
Aug 30 22:39:39 test systemd[1]: snapd.service: Service hold-off time over, scheduling restart.
Aug 30 22:39:39 test systemd[1]: Stopped Snappy daemon.
Aug 30 22:39:39 test systemd[1]: snapd.service: Start request repeated too quickly.
Aug 30 22:39:39 test systemd[1]: Failed to start Snappy daemon.
$ lxc exec test -- snap version
snap 2.26.10
snapd unavailable
series -
$
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions

Sounds like it might be LP:1709536
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1611078

Title:
Support snaps inside of lxd containers

To manage notifications about this bug go to:
https://bugs.launchpad.net/snappy/+bug/1611078/+subscriptions