Please note that this should not be used in sensible production environments.
The setup of the container disables apparmor and seccomp inside the container and snaps might be able to break out of their confinement into the container.
That said, I think it will still be helpful for development or functional tests in a self maintained CI setup at home. Which is why i left this post here.
Nice, thanks for this! I think you can drop all the -i (interactive) options in the docker exec examples of the blogpost, probably the -t (allocate pseudotty) too.
these scripts are really old and i have not used them since shortly after i created them. docker changed a lot since and i am not sure snapd can even be started inside the container at all anymore.
It would be really interesting to know if there is a way to make running Snaps in Docker containers work properly with current versions of everything (even just within recent Ubuntu Docker images). I believe @stgraber did a lot of work to make this work in LXD.
I was discussing this today with somebody trying to install a recent version of Node on Ubuntu 18.04 Docker containers. Snaps work really well for this on normal Ubuntu (with different channels available etc), but he could not make them work within Docker. That use case would require something that preserved the security enough for production environments.
I would also be interested in whether anyone has made this work recently disabling some confinement as @ogra mentioned in his original post. Currently for testing snaps I use LXD containers, which are less familiar to others working on the project and are not supported by all CI/CD platforms.
