Cannot locate base snap core18: Permission denied

I have created a graphics enabled LXD container by following the instructions at https://blog.simos.info/how-to-easily-run-graphics-accelerated-gui-apps-in-lxd-containers-on-your-ubuntu-desktop/. I have verified the LXD graphics working by launching Firefox that was installed by using its Apt package.

When I install Chromium on the LXD container by using Snap, the installation finishes without error.

ubuntu@lxdcontainer:~$ sudo snap install chromium
chromium 86.0.4240.111 from Canonical✓ installed

However, when I then try to launch Chromium, I get the below error:

ubuntu@lxdcontainer:~$ chromium
cannot locate base snap core18: Permission denied

What can I do to troubleshoot this further?

Note: I get the same error with the flameshot snap. I, therefore, suspect this error is a generic Snap issue observed with an Ubuntu 20.10 LXD container.

What does snap list show?

Can you paste the output of:

dmesg | grep DENIED

New container without having installed anything

ubuntu@lxdcontainer:~$ snap list
Name Version Rev Tracking Publisher Notes
core18 20200724 1885 latest/stable canonical✓ base
lxd 4.7 17936 latest/stable/… canonical✓ -
snapd 2.47.1 9721 latest/stable canonical✓ snapd

Installing squashfuse and then Chromium

ubuntu@lxdcontainer:~$ sudo apt update && sudo apt install squashfuse -y
ubuntu@lxdcontainer:~$ sudo snap install chromium
chromium 86.0.4240.111 from Canonical✓ installed

Snap list after Chromium got installed

ubuntu@lxdcontainer:~$ snap list
Name Version Rev Tracking Publisher Notes
chromium 86.0.4240.111 1373 latest/stable canonical✓ -
core18 20200724 1885 latest/stable canonical✓ base
gtk-common-themes 0.1-36-gc75f853 1506 latest/stable canonical✓ -
lxd 4.7 17936 latest/stable/… canonical✓ -
snapd 2.47.1 9721 latest/stable canonical✓ snapd

Try to start Chromium

ubuntu@lxdcontainer:~$ chromium
cannot locate base snap core18: Permission denied

ubuntu@lxdcontainer:~$ sudo dmesg | grep DENIED
dmesg: read kernel buffer failed: Operation not permitted

ubuntu@lxdcontainer:~$ ls -lah /var/log/dmesg
-rw-r--r-- 1 root adm 0 Oct 29 00:38 /var/log/dmesg

The /var/log/dmesg file is empty. This might be because of how LXD mounts those paths.

Can you run that on the container host please?

Running $ sudo dmesg | grep DENIED on the host does not return any values.

I am observing bizarre behaviour now, which I cannot plausibly explain.

When I created this post initially, I created a container and then another one when the first troubleshooting suggestions arrived.

Today, I see that those two “old” containers do not exhibit this error cannot locate base snap core18: Permission denied anymore but instead successfully launch the Chromium browser.

To investigate this further, I have now created a new, a third, container named ‘lxdcontainer3’ and followed the same steps as previously outlined. There I get the cannot locate base snap core18: Permission denied error again.

I then stopped the LXD service on the laptop (LXD host) with sudo snap stop lxd and then started it again with sudo snap start lxd. After this, I connected to the container ‘lxdcontainer3’ again, and I still got the cannot locate base snap core18: Permission denied error when trying to launch the Chromium browser. :frowning:

Since my laptop, on which those containers run, gets shut down when not used, I suspected that a shutdown might affect the behaviour observed. In the light of this, I shut down and booted my laptop and tested this with the ‘lxdcontainer3’ container again, but the problem persisted.

As of the behaviour observed so far, I have the hunch that ‘lxdcontainer3’ may work tomorrow…

CC @pstolowski for his insight into disabling LXD

My laptop was shut down over the weekend and I now tried to launch Chromium that is installed in ‘lxdcontainer3’ and it worked.

Behaviour summary as currently observed:

  1. When restarting the entire Ubuntu LXD host (laptop with snap LXD installed), the problem persists with error cannot locate base snap core18: Permission denied.
  2. When shutting down the Ubuntu LXD host and leaving it until the next day (another calendar date), launching Chromium in the LXD container works.

I’ll look at it soon and see if I can reproduce.

I didn’t have luck reproducing this (I tried with a few 18.04 lxd containers; lxd snap 4.7 rev 18137, running on groovy as a host, restarted the host a couple of times); I didn’t have luck setting them for GUI apps following that tutorial though, but I think this may not be relevant for the problem; FWIW I had chromium and firefox snaps inside containers, they would run from snaps and were just failing accessing X.

One possible explanation (but it may be a long shot) is that something fails during an automatic snap refresh, and current symlink for core18 is lost; could you please:

  • see (now) if there are any errors reported by snap changes (and if there is an error, run snap change <id> where id is the id of the failed change and attach the output)
  • if the problem happens again, check snap changes again and also check if /snap/core18/current is a valid symlink?
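
The two checks suggested above (failed entries in snap changes, and whether /snap/core18/current resolves), as an added shell example that is not part of the original post. The function names failed_changes and classify_current are made up for this sketch; it separates a lost symlink from a target that exists but cannot be accessed.

```shell
#!/bin/sh
# Added example, not from the thread: triage helpers for a base snap that
# "cannot be located". Function names are hypothetical.

# Print the IDs of changes whose Status column is "Error".
# Reads `snap changes` output on stdin:  snap changes | failed_changes
failed_changes() {
    awk 'NR > 1 && $2 == "Error" { print $1 }'
}

# Classify the "current" link of one snap directory (e.g. /snap/core18).
# Prints one of:
#   missing   no "current" symlink at all (lost during a refresh, say)
#   dangling  symlink present, but the revision directory does not exist
#   denied    symlink present, target exists, but this user may not stat it
#   ok        symlink resolves and the target is accessible
#   error     any other stat failure
classify_current() {
    link="$1/current"
    if [ ! -L "$link" ]; then
        echo missing
        return 0
    fi
    # stat -L follows the symlink; keep only stderr so the errno text can be
    # inspected. LC_ALL=C pins the message language.
    if err=$(LC_ALL=C stat -L "$link" 2>&1 >/dev/null); then
        echo ok
    else
        case "$err" in
            *"Permission denied"*)         echo denied ;;
            *"No such file or directory"*) echo dangling ;;
            *)                             echo error ;;
        esac
    fi
}

# When snap directories are passed as arguments, report each one together
# with the user the check ran as, since the result can differ per user.
for d in "$@"; do
    printf '%s (as %s): %s\n' "$d" "$(id -un)" "$(classify_current "$d")"
done
```

Running the script once as root and once as the login user on the same directory shows whether the result depends on who is asking.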

Thank you for looking into this @pstolowski

As you mentioned that you tried with Ubuntu 18.04 LXD containers, I have tested this with Ubuntu 18.04 LXD containers now and can confirm that Chromium works with Ubuntu 18.04 LXD containers.

When testing with 18.04 LXD I noticed that snap list, on a vanilla 18.04 LXD container, shows no Snaps installed

ubuntu@lxdcontainer5:~$ snap list
No snaps are installed yet. Try 'snap install hello-world'.

Whereas snap list, on a vanilla 20.10 LXD container, shows:

ubuntu@lxdcontainer6:~$ sudo snap list
Name    Version   Rev    Tracking         Publisher   Notes
core18  20200929  1932   latest/stable    canonical✓  base
lxd     4.7       18137  latest/stable/…  canonical✓  -
snapd   2.47.1    9721   latest/stable    canonical✓  snap

Based on this, I figured out a workaround to make Chromium work immediately after it was installed, avoiding the Cannot locate base snap core18: Permission denied error.

The workaround is to basically uninstall the LXD and the core18 snaps and then install Chromium.

Below is the sequence of commands to work around this error.

$ export LXD_CONTAINER_NAME="lxdcontainer6"

$ lxc launch ubuntu:20.10 --profile default $LXD_CONTAINER_NAME
Creating lxdcontainer6
Starting lxdcontainer6

$ lxc exec $LXD_CONTAINER_NAME -- sudo --user ubuntu --login
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@lxdcontainer6:~$ sudo snap list
Name    Version   Rev    Tracking         Publisher   Notes
core18  20200929  1932   latest/stable    canonical✓  base
lxd     4.7       18137  latest/stable/…  canonical✓  -
snapd   2.47.1    9721   latest/stable    canonical✓  snapd
ubuntu@lxdcontainer6:~$ sudo snap remove lxd
lxd removed
ubuntu@lxdcontainer6:~$ sudo snap remove core18
core18 removed
ubuntu@lxdcontainer6:~$ sudo snap list
Name   Version  Rev   Tracking       Publisher   Notes
snapd  2.47.1   9721  latest/stable  canonical✓  snapd
ubuntu@lxdcontainer6:~$ sudo snap changes
ID   Status  Spawn                   Ready               Summary
1    Done    yesterday at 11:33 UTC  today at 00:10 UTC  Initialize system state
2    Done    today at 00:10 UTC      today at 00:10 UTC  Initialize device
3    Done    today at 00:10 UTC      today at 00:10 UTC  Remove "lxd" snap
4    Done    today at 00:10 UTC      today at 00:10 UTC  Remove "core18" snap

ubuntu@lxdcontainer6:~$ sudo snap install chromium
chromium 86.0.4240.111 from Canonical✓ installed
ubuntu@lxdcontainer6:~$ sudo snap changes
ID   Status  Spawn                   Ready               Summary
1    Done    yesterday at 11:33 UTC  today at 00:10 UTC  Initialize system state
2    Done    today at 00:10 UTC      today at 00:10 UTC  Initialize device
3    Done    today at 00:10 UTC      today at 00:10 UTC  Remove "lxd" snap
4    Done    today at 00:10 UTC      today at 00:10 UTC  Remove "core18" snap
5    Done    today at 00:10 UTC      today at 00:14 UTC  Install "chromium" snap

ubuntu@lxdcontainer6:~$ sudo snap list
Name               Version          Rev   Tracking       Publisher   Notes
chromium           86.0.4240.111    1373  latest/stable  canonical✓  -
core18             20200929         1932  latest/stable  canonical✓  base
gtk-common-themes  0.1-36-gc75f853  1506  latest/stable  canonical✓  -
snapd              2.47.1           9721  latest/stable  canonical✓  snapd

ubuntu@lxdcontainer6:~$ ls -lah /snap/core18/1932
total 0
lrwxrwxrwx  1 root root 15 Sep 29 10:44 .disk -> /writable/.disk
drwxr-xr-x  2 root root  0 Sep 29 10:45 bin
drwxr-xr-x  6 root root  0 Sep 29 10:45 boot
drwxr-xr-x  2 root root  0 Sep 29 10:45 dev
drwxr-xr-x 42 root root  0 Sep 29 10:45 etc
drwxr-xr-x  2 root root  0 Apr 24  2018 home
drwxr-xr-x 14 root root  0 Sep 29 10:45 lib
drwxr-xr-x  2 root root  0 Sep 29 10:45 lib64
drwxr-xr-x  2 root root  0 Aug  6 22:33 media
drwxr-xr-x  2 root root  0 Sep 29 10:45 meta
drwxr-xr-x  2 root root  0 Aug  6 22:33 mnt
drwxr-xr-x  2 root root  0 Aug  6 22:33 opt
drwxr-xr-x  2 root root  0 Apr 24  2018 proc
drwx------  2 root root  0 Sep 29 10:45 root
drwxr-xr-x  2 root root  0 Sep 29 10:44 run
drwxr-xr-x  2 root root  0 Sep 29 10:45 sbin
drwxr-xr-x  2 root root  0 Sep 29 10:45 snap
drwxr-xr-x  2 root root  0 Aug  6 22:33 srv
-rw-r--r--  1 root root 53 Sep 29 10:45 stdout
drwxr-xr-x  2 root root  0 Apr 24  2018 sys
drwxrwxrwt  2 root root  0 Sep 29 10:45 tmp
drwxr-xr-x 11 root root  0 Sep 29 10:45 usr
drwxr-xr-x 12 root root  0 Sep 29 10:45 var
drwxr-xr-x  2 root root  0 Sep 29 10:44 writable

ubuntu@lxdcontainer6:~$ chromium
mkdir: cannot create directory ‘/run/user/1000’: Permission denied
[1457:1457:1104/001543.990873:ERROR:browser_main_loop.cc(1426)] Unable to open X display.

Since this problem reported with this post is not related to the X display forwarding, I am using the default LXD profile here and therefore the Unable to open X display error shown above is expected and not of relevance.

In answer to your question, to verify that /snap/core18/current is a valid symlink, I have observed the following:

The symlink shows correctly on the LXD host and the LXD containers:

ubuntu@lxdcontainer6:~$ ls -lah /snap/core18/current
lrwxrwxrwx 1 root root 4 Nov  4 00:11 /snap/core18/current -> 1932

However, the target directory 1932 shows permission denied when run from within the container:

ubuntu@lxdcontainer8:~$ ls -lah /snap/core18/1932 
ls: cannot access '/snap/core18/1932': Permission denied

When doing an ls for the /snap/core18 directory from within the LXD container, I get:

ubuntu@lxdcontainer8:~$ ls -lah /snap/core18/
ls: cannot access '/snap/core18/1932': Permission denied
total 2.5K
drwxr-xr-x 3 root root 4 Nov  3 11:33 .
drwxr-xr-x 8 root root 9 Nov  4 00:44 ..
d????????? ? ?    ?    ?            ? 1932
lrwxrwxrwx 1 root root 4 Nov  3 11:33 current -> 1932

Given the workaround I posted, I now got the impression this problem is not a problem with the Chromium snap but possibly a problem as to how core18 is installed on the LXD base image for Ubuntu 20.10.

What do you think?

For brevity, here is the sequence of commands to reproduce the error.

$ export LXD_CONTAINER_NAME="lxdcontainer8"

$ lxc launch ubuntu:20.10 --profile default $LXD_CONTAINER_NAME
Creating lxdcontainer8
Starting lxdcontainer8

$ lxc exec $LXD_CONTAINER_NAME -- sudo --user ubuntu --login

ubuntu@lxdcontainer8:~$ sudo snap list
Name    Version   Rev    Tracking         Publisher   Notes
core18  20200929  1932   latest/stable    canonical✓  base
lxd     4.7       18137  latest/stable/…  canonical✓  -
snapd   2.47.1    9721   latest/stable    canonical✓  snapd
ubuntu@lxdcontainer8:~$ ls -lah /snap/core18/
ls: cannot access '/snap/core18/1932': Permission denied
total 2.5K
drwxr-xr-x 3 root root 4 Nov  3 11:33 .
drwxr-xr-x 6 root root 7 Nov  3 11:33 ..
d????????? ? ?    ?    ?            ? 1932
lrwxrwxrwx 1 root root 4 Nov  3 11:33 current -> 1932
ubuntu@lxdcontainer8:~$ sudo snap changes
ID   Status  Spawn                   Ready               Summary
1    Done    yesterday at 11:33 UTC  today at 00:39 UTC  Initialize system state
2    Done    today at 00:39 UTC      today at 00:40 UTC  Initialize device

ubuntu@lxdcontainer8:~$ sudo snap install chromium
chromium 86.0.4240.111 from Canonical✓ installed
ubuntu@lxdcontainer8:~$ sudo snap list
Name               Version          Rev    Tracking         Publisher   Notes
chromium           86.0.4240.111    1373   latest/stable    canonical✓  -
core18             20200929         1932   latest/stable    canonical✓  base
gtk-common-themes  0.1-36-gc75f853  1506   latest/stable    canonical✓  -
lxd                4.7              18137  latest/stable/…  canonical✓  -
snapd              2.47.1           9721   latest/stable    canonical✓  snapd
ubuntu@lxdcontainer8:~$ sudo snap changes
ID   Status  Spawn                   Ready               Summary
1    Done    yesterday at 11:33 UTC  today at 00:39 UTC  Initialize system state
2    Done    today at 00:39 UTC      today at 00:40 UTC  Initialize device
3    Done    today at 00:42 UTC      today at 00:44 UTC  Install "chromium" snap

ubuntu@lxdcontainer8:~$ chromium
cannot locate base snap core18: Permission denied
ubuntu@lxdcontainer8:~$ ls -lah /snap/core18/
ls: cannot access '/snap/core18/1932': Permission denied
total 2.5K
drwxr-xr-x 3 root root 4 Nov  3 11:33 .
drwxr-xr-x 8 root root 9 Nov  4 00:44 ..
d????????? ? ?    ?    ?            ? 1932
lrwxrwxrwx 1 root root 4 Nov  3 11:33 current -> 1932
ubuntu@lxdcontainer8:~$ sudo snap change 1
Status  Spawn                   Ready                   Summary
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Ensure prerequisites for "snapd" are available
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Prepare snap "/var/lib/snapd/seed/snaps/snapd_9721.snap" (9721)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Mount snap "snapd" (9721)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Copy snap "snapd" data
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "snapd" (9721) security profiles
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Make snap "snapd" (9721) available to the system
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Automatically connect eligible plugs and slots of snap "snapd"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Set automatic aliases for snap "snapd"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "snapd" aliases
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run install hook of "snapd" snap if present
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Start snap "snapd" (9721) services
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run configure hook of "core" snap if present
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Ensure prerequisites for "core18" are available
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Prepare snap "/var/lib/snapd/seed/snaps/core18_1932.snap" (1932)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Mount snap "core18" (1932)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Copy snap "core18" data
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "core18" (1932) security profiles
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Make snap "core18" (1932) available to the system
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Automatically connect eligible plugs and slots of snap "core18"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Set automatic aliases for snap "core18"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "core18" aliases
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run install hook of "core18" snap if present
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Start snap "core18" (1932) services
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run health check of "core18" snap
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Ensure prerequisites for "lxd" are available
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Prepare snap "/var/lib/snapd/seed/snaps/lxd_18137.snap" (18137)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Mount snap "lxd" (18137)
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Copy snap "lxd" data
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "lxd" (18137) security profiles
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Make snap "lxd" (18137) available to the system
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Automatically connect eligible plugs and slots of snap "lxd"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Set automatic aliases for snap "lxd"
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "lxd" aliases
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run install hook of "lxd" snap if present
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Start snap "lxd" (18137) services
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run configure hook of "lxd" snap if present
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Run health check of "lxd" snap
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Mark system pre-seeded
Done    yesterday at 11:33 UTC  today at 00:39 UTC      Mark system seeded
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Connect lxd:lxd-support to snapd:lxd-support
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Connect lxd:network to snapd:network
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Connect lxd:network-bind to snapd:network-bind
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Connect lxd:system-observe to snapd:system-observe
Done    yesterday at 11:33 UTC  yesterday at 11:33 UTC  Setup snap "lxd" (18137) security profiles for auto-connections

ubuntu@lxdcontainer8:~$ sudo snap change 2
Status  Spawn               Ready               Summary
Done    today at 00:39 UTC  today at 00:39 UTC  Generate device key
Done    today at 00:39 UTC  today at 00:40 UTC  Request device serial

ubuntu@lxdcontainer8:~$ sudo snap change 3
Status  Spawn               Ready               Summary
Done    today at 00:42 UTC  today at 00:42 UTC  Ensure prerequisites for "chromium" are available
Done    today at 00:42 UTC  today at 00:44 UTC  Download snap "chromium" (1373) from channel "stable"
Done    today at 00:42 UTC  today at 00:44 UTC  Fetch and check assertions for snap "chromium" (1373)
Done    today at 00:42 UTC  today at 00:44 UTC  Mount snap "chromium" (1373)
Done    today at 00:42 UTC  today at 00:44 UTC  Copy snap "chromium" data
Done    today at 00:42 UTC  today at 00:44 UTC  Setup snap "chromium" (1373) security profiles
Done    today at 00:42 UTC  today at 00:44 UTC  Make snap "chromium" (1373) available to the system
Done    today at 00:42 UTC  today at 00:44 UTC  Automatically connect eligible plugs and slots of snap "chromium"
Done    today at 00:42 UTC  today at 00:44 UTC  Set automatic aliases for snap "chromium"
Done    today at 00:42 UTC  today at 00:44 UTC  Setup snap "chromium" aliases
Done    today at 00:42 UTC  today at 00:44 UTC  Run install hook of "chromium" snap if present
Done    today at 00:42 UTC  today at 00:44 UTC  Start snap "chromium" (1373) services
Done    today at 00:42 UTC  today at 00:44 UTC  Run configure hook of "chromium" snap if present
Done    today at 00:42 UTC  today at 00:44 UTC  Run health check of "chromium" snap
Done    today at 00:42 UTC  today at 00:42 UTC  Ensure prerequisites for "gtk-common-themes" are available
Done    today at 00:42 UTC  today at 00:43 UTC  Download snap "gtk-common-themes" (1506) from channel "stable"
Done    today at 00:42 UTC  today at 00:43 UTC  Fetch and check assertions for snap "gtk-common-themes" (1506)
Done    today at 00:42 UTC  today at 00:43 UTC  Mount snap "gtk-common-themes" (1506)
Done    today at 00:42 UTC  today at 00:43 UTC  Copy snap "gtk-common-themes" data
Done    today at 00:42 UTC  today at 00:43 UTC  Setup snap "gtk-common-themes" (1506) security profiles
Done    today at 00:42 UTC  today at 00:43 UTC  Make snap "gtk-common-themes" (1506) available to the system
Done    today at 00:42 UTC  today at 00:43 UTC  Automatically connect eligible plugs and slots of snap "gtk-common-themes"
Done    today at 00:42 UTC  today at 00:43 UTC  Set automatic aliases for snap "gtk-common-themes"
Done    today at 00:42 UTC  today at 00:43 UTC  Setup snap "gtk-common-themes" aliases
Done    today at 00:42 UTC  today at 00:43 UTC  Run install hook of "gtk-common-themes" snap if present
Done    today at 00:42 UTC  today at 00:43 UTC  Start snap "gtk-common-themes" (1506) services
Done    today at 00:42 UTC  today at 00:43 UTC  Run configure hook of "gtk-common-themes" snap if present
Done    today at 00:42 UTC  today at 00:43 UTC  Run health check of "gtk-common-themes" snap
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:audio-record to snapd:audio-record
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:camera to snapd:camera
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:desktop to snapd:desktop
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:removable-media to snapd:removable-media
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:screen-inhibit-control to snapd:screen-inhibit-control
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:x11 to snapd:x11
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:browser-sandbox to snapd:browser-support
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:chromium-config to snapd:personal-files
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:network-bind to snapd:network-bind
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:unity7 to snapd:unity7
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:bluez to snapd:bluez
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:etc-chromium-browser-policies to snapd:system-files
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:joystick to snapd:joystick
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:cups-control to snapd:cups-control
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:system-packages-doc to snapd:system-packages-doc
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:u2f-devices to snapd:u2f-devices
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:upower-observe to snapd:upower-observe
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:audio-playback to snapd:audio-playback
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:gsettings to snapd:gsettings
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:network to snapd:network
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:opengl to snapd:opengl
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:sound-themes to gtk-common-themes:sound-themes
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:gtk-3-themes to gtk-common-themes:gtk-3-themes
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:home to snapd:home
Done    today at 00:44 UTC  today at 00:44 UTC  Connect chromium:icon-themes to gtk-common-themes:icon-themes
Done    today at 00:44 UTC  today at 00:44 UTC  Setup snap "chromium" (1373) security profiles for auto-connections

wild guess here, but this looks more like a kernel bug or an issue with snapfuse … what is the host system running exactly ?

what is the output of snap version inside and outside of the container ?

I managed to reproduce it while playing with the containers (the key point was to create a 20.10 container, which I missed previously); unfortunately I’ve no clear steps and couldn’t reproduce in a clean VM :frowning:

Key observations - summary:

  • the host system is 20.10 , installed lxd 4.7 snap (rev 18137) on it
  • I created a mix of 18.04 and 20.10 lxc containers
  • I used lxdguiprofile.txt (from the tutorial linked above) for them, but I think this is irrelevant for the problem (it only sets up stuff around X11 / pulseaudio sockets).
  • in the 18.04 containers I installed firefox or chromium snaps (so that core18 base is pulled; not necessary with 20.10 containers as they come with core18 already installed).
  • at some point, inside 20.10 container I saw there was a problem with core18 snap:
d????????? ? ?    ?    ?            ? 1932
  • snapfuse process for this revision of core18 was running.
  • no denials and no snapfuse errors in the log.

This indeed looks like an issue with kernel / snapfuse and/or interaction with lxd. CC @stgraber for ideas.

The commands below have been run on the LXD host and the container. The OS for the LXD host and the containers is the same, Ubuntu 20.10. All commands returned the same output on the LXD host and the container.

lsb_release -a:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 20.10
Release:	20.10
Codename:	groovy

uname -a:

$ uname -a
Linux machinename 5.8.0-26-generic #27-Ubuntu SMP Wed Oct 21 22:29:16 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

snap version:

$ snap version
snap    2.47.1+20.10.1
snapd   2.47.1+20.10.1
series  16
ubuntu  20.10
kernel  5.8.0-26-generic

looks like pawel is on the right track here …

Hmmm, so this seems to be related to use of ubuntu user with sudo, compare the two lxc exec commands for the same container:

pawel@pawel-virtual-machine:~$ lxc exec u4 -- /bin/bash
root@u4:~# ls -l /snap/core18
total 0
drwxr-xr-x 24 root root 0 Sep 29 10:45 1932
lrwxrwxrwx  1 root root 4 Nov  3 11:33 current -> 1932
root@u4:~# exit

pawel@pawel-virtual-machine:~$ lxc exec u4 -- sudo --user ubuntu --login
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@u4:~$ ls -l /snap/core18
ls: cannot access '/snap/core18/1932': Permission denied
total 0
d????????? ? ?    ?    ?            ? 1932
lrwxrwxrwx 1 root root 4 Nov  3 11:33 current -> 1932

Not seeing this problem here:

root@lxd-build:~# sudo --user ubuntu --login
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@lxd-build:~$ ls -l /snap/
total 16
-r--r--r-- 1 root root 548 Sep 24 15:24 README
drwxr-xr-x 2 root root   7 Nov  4 14:31 bin
drwxr-xr-x 3 root root   4 Nov  4 14:31 chromium
drwxr-xr-x 4 root root   5 Oct 20 17:43 core
drwxr-xr-x 3 root root   4 Nov  4 14:29 core18
drwxr-xr-x 4 root root   5 Oct 19 15:48 go
drwxr-xr-x 3 root root   4 Nov  4 14:29 gtk-common-themes
ubuntu@lxd-build:~$ ls -l /snap/core18/
total 1
drwxr-xr-x 24 root root 0 Sep 29 10:45 1932
lrwxrwxrwx  1 root root 4 Nov  4 14:29 current -> 1932

Can you show ps fauxww in that container as well as uname -a?
Also lxc config show --expanded NAME for that container.