snap-confine: revert, with comment, explicit unix deny for nested lxd
While snap-confine itself doesn't require unix rules and therefore all unix rules are implicitly denied, adding an explicit deny for unix to silence noisy denials breaks nested lxd when it shouldn't:
$ sudo snap install lxd
$ sudo lxd init
$ sudo lxc launch ubuntu:18.04 c1 -c security.nesting=true
$ lxc exec c1 -- snap install lxd
error: cannot perform the following tasks:
- Start snap "lxd" (12631) services ([start snap.lxd.activate.service] failed with exit status 1: Job for snap.lxd.activate.service failed because the control process exited with error code.
Until the cause is determined, do not use an explicit deny for unix.
overlord/snapstate: do not trigger defaults when installing the core snap
Do not trigger the defaults when installing the core snap. This is only done during seeding, via an explicitly added configure 'core' task.
Otherwise, this leads to a scenario where, on a core device with bases, the defaults are applied once during seeding, and then again when the core snap is being installed. This may cause the system config flags to switch back to their default values.
Signed-off-by: Maciej Borzecki <email address hidden>