Ambiguous Configuration Edit Methods with YAML Files

[MichaelThamm]

Required information

• Distribution: Ubuntu
• Distribution version: 22.04.4 LTS (Jammy Jellyfish)
• The output of "snap list --all lxd core20 core22 core24 snapd":

  Name    Version      Rev    Tracking       Publisher   Notes
  core20  20240227     2264   latest/stable  canonical✓  base,disabled
  core20  20240416     2318   latest/stable  canonical✓  base
  core22  20240111     1122   latest/stable  canonical✓  base,disabled
  core22  20240408     1380   latest/stable  canonical✓  base
  lxd     6.1-c14927a  29551  latest/stable  canonical✓  -
  snapd   2.63         21759  latest/stable  canonical✓  snapd
  snapd   2.62         21465  latest/stable  canonical✓  snapd,disabled

• The output of "lxc info" or if that fails: lxd-info.txt

Issue description

According to the How to use profiles docs, it should be possible to edit a profile by passing in a YAML file like so:

Alternatively, you can create a YAML file (for example, profile.yaml) with the configuration and write the configuration to the profile with the following command: lxc profile edit < profile.yaml

However, this results in error:

lxc profile edit test-iac < ~/Code/LXD-IaC/vm-profile.yaml
Error: read /dev/stdin: permission denied

Alternatively, this approach does work:

cat vm-profile.yaml | lxc profile edit test-iac

If this is a snap limitation then the docs would need updating.

Steps to reproduce

1. Step one

   lxc profile create test-iac
   Profile test-iac created

2. Step two

   lxc profile edit test-iac < ~/<path_to_profile>/vm-profile.yaml
   Error: read /dev/stdin: permission denied

Information to attach

• [ ] Profile configuration (lxc profile show test-iac) lxd-info.txt

[MichaelThamm]

When placing the vm-profile.yaml in the snap's common directory, the following command still lacks permissions:

lxc profile edit test-iac < ~/snap/lxd/common/vm-profile.yaml 
Error: read /dev/stdin: permission denied

[simondeziel]

@MichaelThamm I couldn't reproduce the issue in a local Jammy VM:

ubuntu@v1:~$ snap list core24 lxd snapd
Name    Version      Rev    Tracking       Publisher   Notes
core24  20240528     423    latest/stable  canonical✓  base
lxd     git-c795f4d  29770  latest/edge    canonical✓  -
snapd   2.63         21759  latest/stable  canonical✓  snapd

ubuntu@v1:~$ uname -a
Linux v1 5.15.0-1063-kvm #68-Ubuntu SMP Fri Jul 12 08:20:39 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@v1:~$ lxc profile show default
name: default
description: Default LXD profile
config: {}
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
used_by: []
ubuntu@v1:~$ lxc profile show default | sed 's/Default/Customized/' > profile.yaml
ubuntu@v1:~$ lxc profile edit default < profile.yaml 
ubuntu@v1:~$ lxc profile show default
name: default
description: Customized LXD profile
config: {}
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
used_by: []

Could you check in dmesg if there are apparmor denials associated with the failed edit?

[MichaelThamm]

@simondeziel I tried this again on my host and in my charm-dev VM and was not able to reproduce the issue with 2 different snap versions (5.0.3-80aeff7 and 5.21/stable). I am not sure what the difference is in my setup but I assume the issue can be closed, what are your thoughts?

[simondeziel]

I remember running into similar issues (with Juju strictly confined IIRC) but not with LXD. As such, let's close this and please do re-open if you meet it again, thanks!