You have been subscribed to a public bug by Marc Oppenheimer (marcoppenheimer):

##### Context

I'm on a non-Ubuntu OS (Arch), trying to use Juju on LXD. In doing so, Juju uses a snap inside an LXD container, and so needs the system to support nested AppArmor profiles. `juju-db` is the snap in question, if that helps.

##### Issue

When I try to do this, I get a bunch of AppArmor violations, that go way over my head. It's not clear to me what is causing these, but I **suspect** that Ubuntu patches some host-system AppArmor profiles to support this use-case, that isn't replicated on other OSs? Not sure, and I don't know who to ask or where to look.

##### Logs + Additional Info

`snappy-debug` journalctl logs - https://pastebin.canonical.com/p/N5wxYggMyz/

A rough grab from dmesg - https://pastebin.canonical.com/p/4JhTX38GBF/

Snapd installed using - https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=snapd

`juju-db` snap - https://github.com/juju/juju-db-snap/tree/5.3

`usr.lib.snapd.snap-confine` default on Arch, in case it's useful - https://pastebin.canonical.com/p/84WGfgrCz6/

##### Reproduce Steps

Assuming you're running on a vanilla (minimal tweaking) Arch machine with AppArmor enabled:

```
cd /tmp && git clone https://aur.archlinux.org/snapd.git && cd snapd
makepkg -si
sudo systemctl enable --now snapd.socket
# log-out, log-in
sudo snap install lxd --channel latest/edge
lxd init --auto
sudo snap install juju --channel 3.3/stable
juju bootstrap localhost lh --debug --bootstrap-timeout=180
# check snappy-debug or dmesg for AppArmor denials
```

** Affects: snapd
     Importance: Undecided
         Status: New

--
AppArmor blocking snap install nested in LXD container
https://bugs.launchpad.net/bugs/2049099
You received this bug notification because you are a member of AppArmor Developers, which is subscribed to the bug report.