LXD is a new set of tools to manage containers under the LXC layer. It looks like a good fit for a personal test/dev environment, where Vagrant might be too much. Unfortunately, installing it on Fedora is a bit odd.
There is no native package in Fedora’s main repositories yet. There is a COPR repo that hasn’t been maintained in over a year and appears to support up to Fedora 26. LXD is a Canonical product, and it seems the currently supported method is through Snap, but there are a couple of quirks along the way.
Fortunately, Snap at least has a native package in Fedora, so we can easily install it:
yum -y install snapd
Now we wait a few seconds for snap to synchronize, else we get an
error: too early for operation, device not yet seeded or device model not acknowledged
Once snapd synchronizes, we can attempt an install of LXD
sudo snap install lxd
And then we get an error
error: cannot perform the following tasks:
- Start snap "lxd" (12181) services ([start snap.lxd.daemon.unix.socket] failed with exit status 1: Job for snap.lxd.daemon.unix.socket failed.
See "systemctl status snap.lxd.daemon.unix.socket" and "journalctl -xe" for details.
)
This appears to be an SELinux issue. Technically we could disable SELinux temporarily, but that seems like a bad idea when we can instead create an SELinux policy module.
If we run
sudo ausearch -m avc -ts recent
we should see output like this:
----
time->Tue Oct 15 13:21:37 2019
type=AVC msg=audit(1571167297.400:2105): avc: denied { unmount } for pid=16397 comm="snap-confine" scontext=system_u:system_r:snappy_confine_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
----
time->Tue Oct 15 13:21:37 2019
type=AVC msg=audit(1571167297.590:2106): avc: denied { create } for pid=1 comm="systemd" name="unix.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file permissive=0
----
We can then pipe these lines into audit2allow and get a policy package:
sudo audit2allow -M snap <<\EOF
----
time->Tue Oct 15 13:21:37 2019
type=AVC msg=audit(1571167297.400:2105): avc: denied { unmount } for pid=16397 comm="snap-confine" scontext=system_u:system_r:snappy_confine_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
----
time->Tue Oct 15 13:21:37 2019
type=AVC msg=audit(1571167297.590:2106): avc: denied { create } for pid=1 comm="systemd" name="unix.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file permissive=0
----
EOF
Install the module with sudo semodule -i snap.pp and attempt another install of LXD with sudo snap install lxd, which should now complete successfully.
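The two denials above are not equivalent: the snap-confine record carries permissive=1, meaning it was logged but not blocked, while the systemd record carries permissive=0. The following Python is an added example, not part of the original post; it parses those two records and derives the allow rules a module built from them would grant, with and without the permissive-only denial. The function names are made up for illustration, and the rule text approximates audit2allow's output rather than reproducing it.

```python
import re
from collections import defaultdict

# The two AVC records from the ausearch output above.
SAMPLE = """\
type=AVC msg=audit(1571167297.400:2105): avc: denied { unmount } for pid=16397 comm="snap-confine" scontext=system_u:system_r:snappy_confine_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem permissive=1
type=AVC msg=audit(1571167297.590:2106): avc: denied { create } for pid=1 comm="systemd" name="unix.socket" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=sock_file permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def context_type(context):
    """Return the type field (third) of a user:role:type:level context."""
    return context.split(":")[2]

def parse_avc(text):
    """Yield one dict per AVC denial line; other lines are ignored."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield {
                "source": context_type(m["scon"]),
                "target": context_type(m["tcon"]),
                "tclass": m["tclass"],
                "perms": m["perms"].split(),
                # Records without a permissive= field are treated as enforced.
                "enforced": m["permissive"] != "1",
            }

def allow_rules(denials, enforced_only=True):
    """Merge denials into sorted allow statements, one per (source, target, class)."""
    merged = defaultdict(set)
    for d in denials:
        if enforced_only and not d["enforced"]:
            continue
        merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(merged.items())
    ]

if __name__ == "__main__":
    denials = list(parse_avc(SAMPLE))
    print("Blocked (permissive=0):", *allow_rules(denials), sep="\n  ")
    print("All logged denials:", *allow_rules(denials, enforced_only=False), sep="\n  ")
```

audit2allow -M snap also writes the readable policy source to snap.te, so the rules can be read and compared against this output before sudo semodule -i snap.pp is run.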