Security.nesting required to run snaps inside Incus containers?

Hi! I’ve just installed Incus 6.2 on a server of mine running Ubuntu 24.04 and found out that snaps were not running inside containers, because of some devpts permission denied error. An example:

pachulo@server:~$ incus launch images:ubuntu/24.04 test-snaps
pachulo@server:~$ incus exec test-snaps -- su --login ubuntu
ubuntu@test-snaps:~$ sudo apt install snapd
ubuntu@test-snaps:~$ sudo snap install hello-world
ubuntu@test-snaps:~$ hello-world
cannot perform operation: mount -t devpts --make-slave --make-private -o acl,relatime,kernmount,iversion,active,nouser,0xffffffff00000000 devpts /dev/pts: Permission denied

I’ve asked in the Linux Containers forum and they suggested that I try security.nesting=true on the container, which solved the problem.

So I was guessing: is this expected behaviour or a bug somewhere?

Thanks!
