Unable to run snapcraft due to Multipass issues

Hi there,

I’m trying to build my first snap but somehow can’t make snapcraft run due to some issues with Multipass.

First, I was missing Multipass, which I then installed after that Multipass was complaining about missing permissions and indeed it was installed for root, so I’ve changed the owner and tried running again, but then Multipass seems to be staring but complains about dnsmasq process timeout.

$ snap install snapcraft --classic  
snapcraft 3.8 from Canonical✓ installed
$ snap install multipass --classic  
multipass 1.0.2 from Canonical✓ installed
$ snapcraft 
Launching a VM.
launch failed: multipass socket access denied                                   
Please check that you have read/write permissions to '/var/snap/multipass/common/multipass_socket'
An error occurred with the instance when trying to launch with 'multipass': returned exit code 2.
Ensure that 'multipass' is setup correctly and try again. 
$ ls -al /var/snap/multipass/common/multipass_socket
srw-rw---- 1 root root 0 12. Jan 13:23 /var/snap/multipass/common/multipass_socket
$ multipass launch 
launch failed: multipass socket access denied                                   
Please check that you have read/write permissions to '/var/snap/multipass/common/multipass_socket'
$ sudo chown dporobic:users /var/snap/multipass/common/multipass_socket
$ multipass launch  
[2020-01-12T13:25:39.013] [error] [dnsmasq] Process operation timed out

launch failed: Multipass dnsmasq failed to start: program: dnsmasq; error: Process operation timed out

Any idea what might be going wrong here? I was following this tutorial which didn’t mention Multipass at all…

Cheers,
Damir

Hi @damir Multipass tries these groups: sudo, adm, admin to add group access to the socket. That’s currently the only way to control who has access to it (we’re working on a better alternative, though).

It looks like your system has none of those. What’s your distro? What’s the default “privileged” group?

Could you also provide more of the output from journalctl -au snap.multipass*, it’s not clear what the dnsmasq issue is just yet…

Hey @Saviq
I’m using openSUSE 15.0 and you’re right, I don’t have does groups:

$ cut -d: -f1 /etc/group | sort | grep "sudo\|adm\|admin"
ntadmin

Not sure about the default privileged group, except root I can’t see anything with special privilege.

Here is the journalctl output:

-- Logs begin at Mon 2020-01-13 21:15:34 CET, end at Mon 2020-01-13 22:15:34 CET. --
Jan 13 22:13:04 linux systemd[1]: Started Service for snap application multipass.multipassd.
Jan 13 22:13:05 linux multipassd[2093]: Unable to determine subnet for the mpqemubr0 subnet
Jan 13 22:13:05 linux multipassd[2093]: Using AppArmor support
Jan 13 22:13:05 linux multipassd[2093]: Loading AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 13 22:13:05 linux multipassd[2405]: Applying AppArmor policy: multipass.dnsmasq
Jan 13 22:13:05 linux multipassd[2093]: 
                                        dnsmasq: cannot read /etc/dnsmasq.conf: Permission denied
Jan 13 22:13:05 linux multipassd[2093]: gRPC listening on unix:/var/snap/multipass/common/multipass_socket, SSL:on
Jan 13 22:13:05 linux multipassd[2093]: QIODevice::write (QFile, "/var/snap/multipass/common/cache/multipassd/vault/multipassd-image-records.json"): device not open
Jan 13 22:13:06 linux multipassd[2093]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/releases/streams/v1/index.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 13 22:13:06 linux multipassd[2093]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/releases/streams/v1/com.ubuntu.cloud:released:download.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 13 22:13:06 linux multipassd[2093]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/daily/streams/v1/index.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 13 22:13:06 linux multipassd[2093]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/daily/streams/v1/com.ubuntu.cloud:daily:download.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 13 22:13:06 linux multipassd[2093]: Could not update manifest: failed to download from 'http://cdimage.ubuntu.com/ubuntu-core/16/stable/current/ubuntu-core-16-amd64.img.xz': Host cdimage.ubuntu.com not found
Jan 13 22:13:06 linux multipassd[2093]: Could not update manifest: failed to download from 'http://cloud-images.ubuntu.com/minimal/releases/xenial/release/ubuntu-16.04-minimal-cloudimg-amd64-disk1.img': Host cloud-images.ubuntu.com not found
Jan 13 21:16:49 linux multipassd[2093]: Loading AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 13 21:16:49 linux multipassd[2093]: Removing AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 13 21:16:49 linux multipassd[31560]: Applying AppArmor policy: multipass.dnsmasq
Jan 13 21:16:49 linux multipassd[31560]: QSocketNotifier: Invalid socket 27 and type 'Read', disabling...
Jan 13 21:17:19 linux multipassd[2093]: Process operation timed out

The first error seems to be again a permission issue
-rw-r--r-- 1 root root 26708 12. Okt 2018 /etc/dnsmasq.conf

Ping, anyone? Any idea what could be wrong?

I think @Saviq’s question still remains unanswered: is there a default “privileged group” on OpenSUSE? That is, a group for users who are allowed to perform administrative tasks on the system. I don’t think the “ntadmin” group is it: IIRC, that’s usually related to Samba’s mapping of unix users to Windows network administrators.

I think there is none, I’m not aware of any such group. I believe openSUSE relies on sudo for all administrative task. I didn’t think that ntadmin is that group, it was the only output that contained one of the key words that @Saviq suggested.

Then perhaps you need to run multipass launch and similar commands through sudo, looks like there’s other way around it.

@mborzecki tried that already, didn’t work. I will look tonight into the journalctl log after running it again with sudo.

Do you have the log? Maybe try sudo -i multipass launch or sudo snap run multipass launch.

Yeah I think there’s two issues here:

  1. the socket only being root-writable (but I’m not sure of a way around it without a default privileged group)
  2. some other issue preventing Multipass from launching instances

Looks like the same issue:

-- Logs begin at Tue 2020-01-21 17:50:09 CET, end at Tue 2020-01-21 18:50:08 CET. --
Jan 21 18:49:10 linux systemd[1]: Started Service for snap application multipass.multipassd.
Jan 21 18:49:11 linux multipassd[2125]: Unable to determine subnet for the mpqemubr0 subnet
Jan 21 18:49:11 linux multipassd[2125]: Using AppArmor support
Jan 21 18:49:11 linux multipassd[2125]: Loading AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 21 18:49:11 linux multipassd[2465]: Applying AppArmor policy: multipass.dnsmasq
Jan 21 18:49:11 linux dnsmasq[2465]: cannot read /etc/dnsmasq.conf: Permission denied
Jan 21 18:49:11 linux multipassd[2125]: 
                                        dnsmasq: cannot read /etc/dnsmasq.conf: Permission denied
Jan 21 18:49:11 linux multipassd[2125]: gRPC listening on unix:/var/snap/multipass/common/multipass_socket, SSL:on
Jan 21 18:49:11 linux multipassd[2125]: QIODevice::write (QFile, "/var/snap/multipass/common/cache/multipassd/vault/multipassd-image-records.json"): device not open
Jan 21 18:49:11 linux multipassd[2125]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/releases/streams/v1/index.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 21 18:49:11 linux multipassd[2125]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/releases/streams/v1/com.ubuntu.cloud:released:download.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 21 18:49:12 linux multipassd[2125]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/daily/streams/v1/index.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 21 18:49:12 linux multipassd[2125]: Cannot retrieve last modified date for http://cloud-images.ubuntu.com/daily/streams/v1/com.ubuntu.cloud:daily:download.json: Host cloud-images.ubuntu.com not found. Using cached data instead.
Jan 21 18:49:12 linux multipassd[2125]: Could not update manifest: failed to download from 'http://cdimage.ubuntu.com/ubuntu-core/16/stable/current/ubuntu-core-16-amd64.img.xz': Host cdimage.ubuntu.com not found
Jan 21 18:49:12 linux multipassd[2125]: Could not update manifest: failed to download from 'http://cloud-images.ubuntu.com/minimal/releases/xenial/release/ubuntu-16.04-minimal-cloudimg-amd64-disk1.img': Host cloud-images.ubuntu.com not found
Jan 21 17:54:06 linux multipassd[2125]: Loading AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 21 17:54:06 linux multipassd[2125]: Removing AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 21 17:54:06 linux multipassd[4779]: Applying AppArmor policy: multipass.dnsmasq
Jan 21 17:54:06 linux multipassd[4779]: QSocketNotifier: Invalid socket 32 and type 'Read', disabling...
Jan 21 17:54:36 linux multipassd[2125]: Process operation timed out
Jan 21 17:55:01 linux multipassd[2125]: Loading AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 21 17:55:01 linux multipassd[2125]: Removing AppArmor policy: 
                                        
                                        #include <tunables/global>
                                        profile multipass.dnsmasq flags=(attach_disconnected) {
                                          #include <abstractions/base>
                                          #include <abstractions/nameservice>
                                        
                                          capability chown,
                                          capability net_bind_service,
                                          capability setgid,
                                          capability setuid,
                                          capability dac_override,
                                          capability dac_read_search,
                                          capability net_admin,         # for DHCP server
                                          capability net_raw,           # for DHCP server ping checks
                                          network inet raw,
                                          network inet6 raw,
                                        
                                          # Allow multipassd send dnsmasq signals
                                          signal (receive) peer=snap.multipass.multipassd,
                                        
                                          # access to iface mtu needed for Router Advertisement messages in IPv6
                                          # Neighbor Discovery protocol (RFC 2461)
                                          @{PROC}/sys/net/ipv6/conf/*/mtu r,
                                        
                                          # binary and its libs
                                          /snap/multipass/1597/usr/sbin/dnsmasq ixr,
                                          /snap/multipass/1597/{usr/,}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          # CLASSIC ONLY: need to specify required libs from core snap
                                          /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.leases rw,           # Leases file
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.hosts r,             # Hosts file
                                        
                                          /var/snap/multipass/common/data/multipassd/network/dnsmasq.pid w,     # pid file
                                        }
Jan 21 17:55:01 linux multipassd[2125]: QProcess: Destroyed while process ("dnsmasq") is still running.
Jan 21 17:55:01 linux multipassd[4870]: Applying AppArmor policy: multipass.dnsmasq
Jan 21 17:55:01 linux multipassd[4870]: QSocketNotifier: Invalid socket 31 and type 'Read', disabling...
Jan 21 17:55:31 linux multipassd[2125]: Process operation timed out

Tried running sudo -i multipass launch and sudo snap run multipass launch

What are my options here? This blocks my efforts to bring my application to snapcraft totally :frowning:

Any alternative to using a VM with Ubuntu running on it?

Hey, we just fixed this /etc/dnsmasq.conf issue in #1471.

You can snap refresh multipass --edge to get that.

Great news, hhanks for letting me know, will try it out.

Got the same problem on Fedora, which uses wheel group.

✗ snapcraft
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
Launching a VM.
Project base changed from None to 'core18', cleaning build instance.
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
delete failed: multipass socket access denied
Please check that you have read/write permissions to '/var/snap/multipass/common/multipass_socket'
An error occurred with the instance when trying to delete with 'multipass': returned exit code 2.
Ensure that 'multipass' is setup correctly and try again.
✗ groups
anatoli wheel lxd libvirt docker
✗ ls -la /var/snap/multipass/common/multipass_socket
srw-rw----. 1 root adm 0 May 26 20:42 /var/snap/multipass/common/multipass_socket
✗ snapcraft --version
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
snapcraft, version 4.0.2
✗ multipass --version
WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
multipass  1.3.0-dev.55+gb82d487

https://github.com/canonical/multipass/pull/1559 fixes the issue on Fedora by prioritizing wheel group instead of adm.