LXD, Multipass permission errors on Arch

Ever since the 4.0 LXD upgrade I haven’t been able to run any related commands (lxc, lxd) and trying to build with snapcraft --use-lxd fails.

The lxd command fails with /snap/lxd/15564/commands/lxd: 6: exec: aa-exec: Permission denied and when trying to use snapcraft it fails with a permission error trying to connect to /var/snap/lxd/common/lxd/unix.socket even though that file is in the lxd group with a 660 permission and my user is also in the lxd group.

These are my logs related to snapd:

Jun 21 23:52:07 colemanpc systemd[1]: Starting Snappy daemon...
Jun 21 23:52:07 colemanpc snapd[1348]: AppArmor status: apparmor is enabled but some kernel features are missing: dbus, network
Jun 21 23:52:08 colemanpc snapd[1348]: daemon.go:379: started snapd/2.39.2-1 (series 16; classic; devmode) arch/ (amd64) linux/5.6.15-arch1-1.
Jun 21 23:52:08 colemanpc systemd[1]: Started Snappy daemon.
Jun 22 10:29:26 colemanpc snapd[1348]: stateengine.go:102: state ensure error: cannot decode new commands catalog: got unexpected HTTP status code 429 via GET to "https://api.snapcraft.io/api/v1/snaps/names?confinement=strict%2Cclassic"
Jun 22 10:59:28 colemanpc snapd[1348]: storehelpers.go:441: cannot refresh: snap has no updates available: "core", "core18", "gnome-3-28-1804", "gtk-common-themes", "lxd", "multipass", "slack", "snapcraft"
Jun 22 10:59:28 colemanpc snapd[1348]: autorefresh.go:389: auto-refresh: all snaps are up-to-date
Jun 22 11:17:31 colemanpc snapd[1348]: kernel_os.go:198: cannot get boot settings: cannot determine bootloader
Jun 22 11:20:52 colemanpc runuser[7142]: pam_unix(runuser:session): session opened for user cenomla by (uid=0)
Jun 22 11:20:52 colemanpc runuser[7142]: pam_unix(runuser:session): session closed for user cenomla
Jun 22 11:21:57 colemanpc snapd[1348]: daemon.go:191: polkit error: Authorization requires interaction
Jun 22 11:22:48 colemanpc snapd[1348]: daemon.go:191: polkit error: Authorization requires interaction
Jun 22 11:22:56 colemanpc snapd[1348]: api.go:1079: Installing snap "lxd" revision unset
Jun 22 11:24:16 colemanpc snapd[1348]: storehelpers.go:441: cannot refresh:
Jun 22 11:24:16 colemanpc snapd[1348]: snap has no updates available: "core", "core18", "gnome-3-28-1804", "gtk-common-themes", "multipass", "slack", "snapcraft"
Jun 22 11:24:16 colemanpc snapd[1348]: no snap revision available as specified: "lxd"

On a related note I also cannot build using multipass and running snapcraft with the --use-lxd flag gives this error:

launch failed: The following errors occurred:
qemu-system-x86_64: -netdev tap,id=hostnet0,ifname=tap-58393fac130,script=no,downscript=no: could not open /dev/net/tun: Operation not permitted
snapcraft: shutdown called while starting
An error occurred with the instance when trying to launch with 'multipass': returned exit code 2.
Ensure that 'multipass' is setup correctly and try again.

The multipass issue seems to be tracked on https://github.com/canonical/multipass/issues/1610

@mborzecki do you have any insight on the LXD issue?

this is a rather old snapd version, can you upgrade the version of snapd you are using?

To start with, can you update snapd to the version in AUR? Currently it’s at 2.45.1, yours is 2.39. There has been quite a lot of changes in between the versions.

I’m using LXD latest track (at 4.2 currently). So far I have not seen any significant issues when using snapcraft with --use-lxd, aside from my snaps failing to build due to other reasons. Pretty much the same goes for multipass, which works out of the box.

I think that in order to debug this further, you need to update the snapd package and make sure that the rest of the system is up to date as well. IIRC 2.36 was the first release in AUR that had AppArmor enabled, so it’s important to verify that snapd.apparmor.service is enabled and started.

As far as group membership goes, check that id -Gn reports that you are a member of the lxd group. If you added yourself to the group but have not logged out and back in, it is likely that your shell process is not yet a member of the group.

I was able to reproduce the multipass issue yesterday in an Arch VM. I also reproduced the LXD issue, but after adding my user to the group and a logout/login the LXD issue was resolved.

I booted my Arch VM again today to collect more debug info for the multipass issue, but it’s working fine for me now. I didn’t capture my snapd version yesterday, but today it’s 2.44.3.

When multipass fails starting qemu, it’s probably useful to see the output of ls -l /dev/net/tun. The permission bits are 0666 here and I do not reall having tweaked anything in that area.

I updated my snapd and that seems to have clears all of my LXD issues up.