Layouts still brittle when refreshing snaps

lucyllewy · August 27, 2021, 6:32pm

I’ve noticed many occasions where snapd is unable to refresh a snap with symptoms similar to this, which I just encountered when refreshing docker:

- Setup snap "docker" (1125) security profiles (cannot update mount namespace of snap "docker": cannot update preserved namespace of snap "docker": cannot update snap namespace: cannot create symlink in "/etc/docker": existing file in the way)

Any idea what’s causing these errors (it’s not just docker, but any snap that uses layouts hits this occasionally) or how to fix it?

pbourdon · August 29, 2021, 1:37pm

I have the same exact issue. If anyone could shed some light, diddledani and I would greatly appreciated it…

hlogmans · August 30, 2021, 7:25am

In /etc/docker there is a file key.json, that is recreated after starting docker. Somehow this key is in the way. I deleted it and then sudo snap refresh. Now everything is working again.

See https://stackoverflow.com/questions/47573820/what-is-etc-docker-key-json for explanation about the key.json file, and why it can be deleted without problem.

jgb · September 6, 2021, 2:19am

As @hlogmans suggested, you do need to remove that key.json file, but you also need to remove the directory /etc/docker too. So the steps are:

sudo rm -rf /etc/docker
sudo snap refresh

Cheers,
-J

jamesh · September 6, 2021, 6:01am

I think this was likely caused by the following change:

In particular, it changes /etc/docker from a directory bind to a symlink. If the host system has a /etc/docker directory present, then the layouts code will fail to place a symlink at the location. It might also fail if /etc/docker had been created as a directory in the mount namespace created by the previous revision of the snap, when trying to update that mount namespace.

It looks like this particular change has been reverted, with the fix likely being available on the edge channel now: