Error while doing snapshot on LXC unprivilegied container with snap installed

[zorrobiwan]

Hi

I got the following error messages while doing snapshots on my Debian 10 running container

failed to open /snap/core/11187: Permission denied
failed to open /snap/core/11167: Permission denied
failed to open /snap/certbot/1201: Permission denied
failed to open /snap/certbot/1150: Permission denied
failed to open /snap/core20/1026: Permission denied
failed to open /snap/core20/975: Permission denied
TASK OK

Snapshot *seems* to be ok as I can rollback. But I don't know why I got these messages.

Procedure followed:

apt install squashfuse fuse
apt install snapd
snap install core
snap install certbot

>cat /etc/debian_version
10.10

>pct config 9010
arch: amd64
cores: 4
cpulimit: 1
features: nesting=1,fuse=1
hostname: blabla
memory: 4096
net0: name=eth0,bridge=vmbr0,firewall=1,gw=**,hwaddr=02:00:00:de:5d:13,ip=**/32,type=veth
ostype: debian
parent: snap3
rootfs: local-zfs:subvol-9010-disk-0,size=0T
swap: 0
unprivileged: 1

pveversion -v
proxmox-ve: 6.4-1 (running kernel: 5.4.114-1-pve)
pve-manager: 6.4-9 (running version: 6.4-9/5f5c0e3f)
pve-kernel-5.4: 6.4-3
pve-kernel-helper: 6.4-3
pve-kernel-5.4.119-1-pve: 5.4.119-1
pve-kernel-5.4.114-1-pve: 5.4.114-1
pve-kernel-5.4.106-1-pve: 5.4.106-1
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.1.2-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.20-pve1
libproxmox-acme-perl: 1.1.0
libproxmox-backup-qemu0: 1.0.3-1
libpve-access-control: 6.4-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.4-3
libpve-guest-common-perl: 3.1-5
libpve-http-server-perl: 3.2-3
libpve-storage-perl: 6.4-1
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.6-2
lxcfs: 4.0.6-pve1
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.1.10-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.5-6
pve-cluster: 6.4-1
pve-container: 3.3-5
pve-docs: 6.4-2
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-4
pve-firmware: 3.2-4
pve-ha-manager: 3.1-1
pve-i18n: 2.3-1
pve-qemu-kvm: 5.2.0-6
pve-xtermjs: 4.7.0-3
pve-zsync: 2.2
qemu-server: 6.4-2
smartmontools: 7.2-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 2.0.4-pve1

Note also:
- if container is stopped, there is no error message
- if I convert the container to a privileged one, snapshots just hang and I have to kill it if container is running. Snapshot is ok if container is stopped

 

[zorrobiwan]

Forget me but by removing fuse from my container it's working :/