Debian 9: Install LXD for container



1 Disable AppArmor

If you have installed AppArmor and appended "apparmor=1 security=apparmor" to the kernel parameters, the snapd installation will fail.

$ sudo snap install --beta core
error: cannot perform the following tasks:
- Setup snap "core" (2271) security profiles (cannot setup seccomp for snap "core": fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)
- Setup snap "core" (2271) security profiles (fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)

If you install LXD first and install AppArmor later, the lxc command will fail. This happens even if you disable the AppArmor profile for snapd.

$ lxc
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks.

So disable AppArmor by removing "apparmor=1 security=apparmor" from the kernel parameters.

2 Install LXD

The following script will install LXD with snap.

#!/bin/sh
set -e

sudo apt install -y snapd
# INFO snap "core" has bad plugs or slots: core-support-plug (unknown interface)
# snap install core # --beta is not needed as of 2017/7/17.
sudo snap install lxd

# Add /snap/bin path to secure_path.
sudo sed -e 's;secure_path="\(.*\)";secure_path="\1:/snap/bin";g' -i /etc/sudoers

# Initialize LXD with NAT network.
sudo lxd waitready
cat <<EOF | sudo lxd init
yes
default
dir
no
yes
yes
lxdbr0
auto
auto
EOF

# Add lxd group.
sudo addgroup --system lxd
sudo gpasswd -a "${USER}" lxd

# Reboot for updating group.
sudo reboot
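The script above edits /etc/sudoers in place, so a bad substitution is only noticed when sudo next reads the file. The following is an added example, not part of the original post: it applies the same secure_path change to a copy, checks the copy with `visudo -c -f`, and only then overwrites the target. The function names and the `VISUDO` override variable are assumptions of this example, and it expects the Debian-style quoted `secure_path="..."` line.

```sh
#!/bin/sh
# Added example: patch a copy of sudoers, validate it, then install it.
# VISUDO and the function names below are assumptions of this example.
VISUDO=${VISUDO:-visudo}

# Write SRC to DST with :/snap/bin appended to secure_path.
# Lines that already contain /snap/bin are skipped, so reruns are no-ops.
add_snap_to_secure_path() {
    sed -e '/secure_path=.*\/snap\/bin/!s;secure_path="\(.*\)";secure_path="\1:/snap/bin";' \
        "$1" > "$2"
}

# Syntax-check FILE without touching the live sudoers (visudo -c -f).
# Fails closed when the validator is missing.
validate_sudoers() {
    command -v "$VISUDO" >/dev/null 2>&1 || {
        echo "$VISUDO not found, refusing to edit" >&2
        return 1
    }
    "$VISUDO" -c -q -f "$1"
}

# Patch TARGET only if the patched copy validates.
# Prints "updated", "unchanged" or "failed"; returns non-zero on failure.
safe_patch_sudoers() {
    target=$1
    tmp=$(mktemp) || return 1
    result=failed
    if add_snap_to_secure_path "$target" "$tmp" && validate_sudoers "$tmp"; then
        if cmp -s "$target" "$tmp"; then
            result=unchanged
        elif cat "$tmp" > "$target"; then   # cat keeps TARGET's owner and mode
            result=updated
        fi
    fi
    rm -f "$tmp"
    echo "$result"
    [ "$result" != failed ]
}

# Usage (as root): safe_patch_sudoers /etc/sudoers
```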

3 Run container

This downloads the debian/stretch image and runs it. An IP address is assigned to the container.

$ lxc launch images:debian/stretch debian
<snip>
$ lxc exec debian ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:29:1e:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::216:3eff:fe29:1e7d/64 scope link tentative
       valid_lft forever preferred_lft forever

Android | Linux | SDL - Narrow Escape