Docker Snapd
Docker Snap
This repository contains the source for the docker snap package. The package provides a distribution of Docker Community Edition (CE) for Ubuntu Core 16 (and other snap-compatible) systems.
USN-4728-1: snapd vulnerability. 10 February 2021. An intended access restriction in snapd could be bypassed by container management snaps.
- Both snapd and docker require significant access to tuning the underlying operating system so that the applications running on top of them can be confined. It’ll definitely take some experimentation and tweaking cycles, probably on both ends, to be able to make that work reliably.
This topic describes the Docker and Snap prerequisites for the Connector on Ubuntu and RedHat.
What are Snap and Docker?
Docker is a set of platforms that uses OS-level virtualization to deliver software in packages called containers. For more details, see https://www.docker.com/.
Snap is a software deployment and package management system developed by Canonical for the Linux operating system. For more details, see https://snapcraft.io/.
Prerequisites for Ubuntu
Docker
For more details about installing Docker on Ubuntu, see https://docs.docker.com/install/linux/docker-ce/ubuntu/.
Update the Docker apt package index:
Install packages to allow apt to use a repository over HTTPS:
You may be prompted to run: sudo dpkg --configure -a
If the following screen appears, select Yes.
Add Docker’s official GPG key:
Use the following command to set up the stable repository:
Update the apt package index:
Install the latest version of Docker:
Verify that Docker is installed correctly:
In Ubuntu 18.04, Snap is installed by default so you can use it immediately.
Prerequisites for RedHat
Docker
For more details about installing Docker on RedHat, see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html-single/getting_started_with_containers/index#getting_docker_in_rhel_7.
Enable the following repositories, which will allow you to install the docker package and related software:
Make sure you specify the code exactly as it appears in the above example.
Install Docker:
Start docker:
Enable docker:
Verify that Docker is installed correctly:
For more details about installing Snap on RedHat, see https://snapcraft.io/docs/installing-snap-on-red-hat.
Add the Extra Packages for Enterprise Linux (EPEL) repository to your RHEL 7 system with the following command:
Add the optional and extras repositories:
Install the snapd package:
Enable the systemd unit that manages the main snap communication socket:
Run the following command to enable classic snap support and create a symbolic link between /var/lib/snapd/snap and /snap:
Verify that Snap is installed correctly:
Using Snap on RHEL as a non-root user displays the following warning: Warning: /var/lib/snapd/snap/bin was not found in your $PATH. If you've not
I recently had to help set up an image build environment for Ubuntu Core images for someone who only allows Docker as infrastructure.
When you want to build an image from a blessed model assertion for, e.g., the pi2, pi3 or dragonboard, you need to use the “snap known” command (see below for the full syntax) to download the Canonical signed assertion. The snap command requires snapd to run inside your container. To build images we need to use ubuntu-image, which is also provided as a snap, so we not only want snapd to run for the “snap” command, but we also want the container to be able to execute the snaps we install. After quite a bit of back and forth, and after disabling quite a few security features inside the container setup, I came up with https://github.com/ogra1/snapd-docker, which is a simple build script for setting up a container that can execute snaps.
I hope people needing to use Docker and wanting to use snaps inside containers find this helpful … pull requests for improvements of the script or documentation will be happily reviewed on GitHub.
Here is the README.md of the tree:
Create and run a docker container that is able to run snap packages
This script allows you to create docker containers that are able to run and
build snap packages.
WARNING NOTE: This will create a container with security options disabled. This is an unsupported setup: if you have multiple snap packages inside the same container, they will be able to break out of the confinement and see each other's data and processes. Use this setup to build or test single snap packages, but do not rely on security inside the container.
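A defender's check for the condition this warning describes, as an added example that is not part of the original README or of build.sh: it reads `docker inspect` JSON and reports containers that run privileged, with an unconfined AppArmor or seccomp profile, with SELinux labelling disabled, or with broad added capabilities. The sample input and the capability watch list are constructed for illustration; the page does not say which options build.sh disables.

```python
import json

# Constructed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/snappy",
     "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN"],
                    "SecurityOpt": ["apparmor:unconfined", "seccomp=unconfined"]}},
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "CapAdd": None,
                    "SecurityOpt": ["no-new-privileges"]}},
])

# Capabilities broad enough to undermine isolation (assumed watch list).
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode")
    for opt in host.get("SecurityOpt") or []:
        # Docker accepts both "key=value" and the older "key:value" form.
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if value == "unconfined" or (key == "label" and value == "disable"):
            findings.append(f"{key} {value}")
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        if name.startswith("CAP_"):
            name = name[4:]
        if name in RISKY_CAPS:
            findings.append(f"added capability {name}")
    return findings


def audit(inspect_json):
    """Map container name -> findings, only for containers with findings."""
    report = {}
    for entry in json.loads(inspect_json):
        findings = audit_container(entry)
        if findings:
            report[entry.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: " + ", ".join(findings))
```

On a live host, the input would be the output of `docker inspect` for the containers of interest.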
Examples
Creating a container with defaults (image: snapd, container name: snappy):
If you want to create subsequent other containers using the same image, use the --containername option with a subsequent run of the ./build.sh script.
Installing and running a snap package:
This will install the htop snap and will show the running processes inside the container after connecting the right snap interfaces.
Building snaps using the snapcraft snap package (using the default “snappy” name):

Install some required debs, install the snapcraft snap package to build snap packages, pull some remote branch and build a snap from it using the snapcraft command.
Building an UbuntuCore image for a RaspberryPi3:
Install some debs required to work around a bug in the ubuntu-image classic snap, install ubuntu-image, retrieve the model assertion for a pi3 image using the “snap known” command and build the image using ubuntu-image.
