Running snaps inside docker containers

I recently had to make running snaps inside docker containers work and blogged about it here

You can grab the setup script (Dockerfile inside) at https://github.com/ogra1/snapd-docker

Please note that this should not be used in sensible production environments.
The setup of the container disables AppArmor and seccomp inside the container, and snaps might be able to break out of their confinement into the container.

That said, I think it will still be helpful for development or functional tests in a self-maintained CI setup at home, which is why I left this post here.


Nice, thanks for this! I think you can drop all the -i (interactive) options in the docker exec examples of the blog post, probably the -t (allocate pseudo-TTY) too.

Thanks a lot! Fixed …

Do you know if this space has evolved at all since 2017? Is it now any easier to run snaps inside docker containers?

These scripts are really old and I have not used them since shortly after I created them. Docker changed a lot since and I am not sure snapd can even be started inside the container at all anymore.


It would be really interesting to know if there is a way to make running Snaps in Docker containers work properly with current versions of everything (even just within recent Ubuntu Docker images). I believe @stgraber did a lot of work to make this work in LXD.

Snapd in Docker also has some interesting discussion.

I was discussing this today with somebody trying to install a recent version of Node on Ubuntu 18.04 Docker containers. Snaps work really well for this on normal Ubuntu (with different channels available etc), but he could not make them work within Docker. That use case would require something that preserved the security enough for production environments.

I would also be interested in whether anyone has made this work recently by disabling some confinement, as @ogra mentioned in his original post. Currently for testing snaps I use LXD containers, which are less familiar to others working on the project and are not supported by all CI/CD platforms.