Kali Linux 2017.1: Install LXD for containers

1 Disable AppArmor

If you have installed AppArmor and appended “apparmor=1 security=apparmor” to the kernel parameters, the snapd installation will fail.

$ sudo snap install --beta core
error: cannot perform the following tasks:
- Setup snap "core" (2271) security profiles (cannot setup seccomp for snap "core": fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)
- Setup snap "core" (2271) security profiles (fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)

If you install LXD first and install AppArmor later, the lxc command will fail. This happens even if the AppArmor profile for snapd is disabled.

$ lxc
snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks.

So disable AppArmor by removing “apparmor=1 security=apparmor” from the kernel parameters.

2 Install LXD

The following script installs LXD with snap.

#!/bin/sh
set -e
sudo apt install -y snapd
sudo systemctl enable snapd
sudo systemctl restart snapd
# INFO snap "core" has bad plugs or slots: core-support-plug (unknown interface)
# snap install core # --beta is not needed as of 2017/7/17.
sudo snap install lxd
# Add /snap/bin path to secure_path.
sudo sed -e 's;secure_path="\(.*\)";secure_path=\1:/snap/bin;g' -i /etc/sudoers
# Initialize LXD with NAT network.
sudo lxd waitready
cat <<EOF | sudo lxd init
yes
default
dir
no
yes
yes
lxdbr0
auto
auto
EOF
# Add lxd group.
sudo addgroup --system lxd
sudo gpasswd -a "${USER}" lxd
# Reboot for updating group.
sudo reboot
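The script above rewrites /etc/sudoers in place with sed, and running it a second time appends :/snap/bin again. The following is an added example, not part of the original script: it makes the same secure_path edit idempotent and syntax-checks the result with visudo before replacing the file. The function names are hypothetical, and it assumes a double-quoted secure_path value and keeps the quotes in the result.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# add_snap_to_secure_path FILE
# Print FILE with ":/snap/bin" appended to the quoted secure_path value.
# Lines whose secure_path already lists /snap/bin are left untouched,
# so running the edit twice gives the same result as running it once.
add_snap_to_secure_path() {
    sed -E \
        '/secure_path="([^"]*:)?\/snap\/bin(:[^"]*)?"/!s;secure_path="([^"]*)";secure_path="\1:/snap/bin";' \
        "$1"
}

# install_sudoers_edit [FILE]
# Apply the edit to a temporary copy, check its syntax with "visudo -cf",
# and replace FILE (default /etc/sudoers) only if the check passes.
# Must be run as root.
install_sudoers_edit() {
    target=${1:-/etc/sudoers}
    tmp=$(mktemp) || return 1
    if ! add_snap_to_secure_path "$target" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    if ! visudo -cf "$tmp" >/dev/null; then
        echo "edited copy failed the visudo check; $target left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
    # Keep the owner and mode that sudo expects on its policy file.
    install -o root -g root -m 0440 "$tmp" "$target"
    rm -f "$tmp"
}

# Usage (as root, after sourcing this file):
#   install_sudoers_edit /etc/sudoers
```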

3 Run container

This downloads the debian/stretch image and runs it. An IP address is assigned to the container.

$ lxc launch images:debian/stretch debian
<snip>
$ lxc exec debian ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:3a:14:6f brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fd42:b1fe:730e:5b1d:216:3eff:fe3a:146f/64 scope global mngtmpaddr dynamic
       valid_lft 3593sec preferred_lft 3593sec
    inet6 fe80::216:3eff:fe3a:146f/64 scope link
       valid_lft forever preferred_lft forever

Android | Linux | SDL - Narrow Escape