If I understand correctly, --devmode means that the application is not confined and is
not refreshed. If I omit the option, I get all sorts of permission errors.
How do official snaps from the store differ in that regard? E.g. how does lxd from the snap
store deal with confinement, so that it can work correctly?
I ask because it would be nice to omit the --devmode and handle confinement issues
correctly (i.e. setting the right permissions, etc.) instead of disabling it altogether.
What’s probably happening is that some interfaces your snap relies on are left disconnected.
When you install the LXD snap from the store, snapd will use the corresponding snap declaration assertion to allow additional interfaces to auto-connect. These interfaces modify how LXD will be sandboxed.
We can use the snap known command to print out this declaration (the snap-id field is the one printed by snap info lxd):
As this snap is installed with --dangerous, it is not considered to be the same as the lxd snap from the store and won’t refresh. If there are particular changes you needed to make to LXD, I would suggest trying to get them into the official packages.
INFO: Following '/var/log/syslog'. If have dropped messages, use:
INFO: $ sudo journalctl --output=short --follow --all | sudo snappy-debug
WARN: could not find log mark, is syslog enabled?
I ran sudo service rsyslog restart but it had no effect.
oh !
is your user in the lxd group ? the lxd socket is specifically assigned to that group, so a user who is a member of it should be able to access the socket without permission elevation …