Secure way to build with snapcraft/lxd

Underlying issue: I am looking for a safe way to build and run snaps of other forum users to help with debugging.

If I build using LXD, the snapcraft user seems to need full access to lxd, which indirectly provides root rights and can AFAIU easily be exploited.

Snap can restrict access to the lxd socket, as is even documented in the blog [1].

I have two questions:

  1. An lxd-restricted user can create and run VMs/containers via lxc. But it seems that is not enough for snapcraft? Any reason for that?
  2. Is snapcraft by default using containers or VMs when using lxd?

P.S.: as a workaround, I will try to run snapcraft and the snap inside an lxc VM. Not sure that nesting works.

If you’re skilled enough at running arbitrary code inside containers safely, then I feel like you could run snapcraft inside a container using --dangerous-mode, which clobbers the host environment, rather than use lxd/multipass.

I have run others’ snapcraft.yml files before, but I always inspect it and just use a virtual machine. When I’m finished, I revert to the last saved snapshot. I enabled nested virtualization to make it easy to do this.
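As an added example (not posted by anyone in this thread and not part of snapcraft or LXD), the workflow from the last reply as a script: the untrusted project is built inside a throwaway LXD virtual machine with snapcraft's --destructive-mode, so the host never hands an LXD socket to the build, and the VM is rolled back to a clean snapshot afterwards. The names VM_NAME, IMAGE, the "clean" snapshot and the helper functions are assumptions; DRY_RUN=1 only prints the lxc commands.

```shell
#!/bin/sh
# Hypothetical helper for this thread: build an untrusted snapcraft project in a
# disposable LXD VM (not a container) and restore the VM to a clean snapshot
# after every build. Assumes the lxd and snapcraft snaps are installed and the
# image alias below is reachable. Set DRY_RUN=1 to print commands instead.
set -e

VM_NAME="${VM_NAME:-snapbuild}"   # assumed VM name
IMAGE="${IMAGE:-ubuntu:22.04}"    # assumed base image
SNAPSHOT="clean"                  # baseline snapshot taken after setup

# run: execute a command, or echo it when DRY_RUN=1 (constructed for testing).
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "+ $*"
  else
    "$@"
  fi
}

# prepare_vm: launch the VM once, install snapcraft inside it, snapshot it.
prepare_vm() {
  run lxc launch "$IMAGE" "$VM_NAME" --vm
  run lxc exec "$VM_NAME" -- cloud-init status --wait
  run lxc exec "$VM_NAME" -- snap install snapcraft --classic
  run lxc snapshot "$VM_NAME" "$SNAPSHOT"
}

# build_untrusted: copy the project into the VM, build there in destructive
# mode (snapcraft then needs no LXD/multipass of its own inside the guest),
# pull the project dir with its .snap back out, then roll the VM back so
# nothing the build did survives to the next build.
build_untrusted() {
  project_dir="$1"
  out_dir="$2"
  base=$(basename "$project_dir")
  run lxc file push -r "$project_dir" "$VM_NAME/root/"
  run lxc exec "$VM_NAME" --cwd "/root/$base" -- snapcraft --destructive-mode
  run lxc file pull -r "$VM_NAME/root/$base" "$out_dir"
  run lxc stop "$VM_NAME"
  run lxc restore "$VM_NAME" "$SNAPSHOT"
  run lxc start "$VM_NAME"
}

# Usage: ./build.sh <project_dir> <out_dir>  (creates the VM on first use)
if [ "$#" -ge 2 ]; then
  lxc info "$VM_NAME" >/dev/null 2>&1 || prepare_vm
  build_untrusted "$1" "$2"
fi
```

Installing the resulting .snap for debugging is still a separate decision; inspect the pulled project and snap first, and install it inside another VM rather than on the host.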