Linux Filesystem Error: Transaction failed when using LXD

I am a big fan of LXD, a next-generation Linux system container manager and default on Ubuntu. It allows me to run desktop apps or server apps in an isolated environment. Ubuntu provides LXD with robust security in mind. However, this might lead to undesired side effects, such as individual packages under OpenSUSE or CentOS Linux may not be updated. One such package is the filesystem package. Let us see how to fix Error: Transaction failed when you try to update filesystem package under CentOS, OpenSUSE, and other Linux containers running under LXD.

Tutorial details
Difficulty level Easy
Root privileges No
Requirements LXD under Linux
Est. reading time 2m

Linux Filesystem Error: Transaction failed when using LXD

Let us look into the error here. For instance, when using CentOS under LXD, I see:
# dnf update
Here is what I saw:

Last metadata expiration check: 2:31:48 ago on Sat Mar  6 06:03:50 2021.
Dependencies resolved.
===============================================================================
 Package             Architecture    Version             Repository       Size
===============================================================================
Upgrading:
 filesystem          x86_64          3.8-3.el8           baseos          1.1 M
 
Transaction Summary
===============================================================================
Upgrade  1 Package
 
Total download size: 1.1 M
Is this ok [y/N]: y
Downloading Packages:
filesystem-3.8-3.el8.x86_64.rpm                1.8 MB/s | 1.1 MB     00:00    
-------------------------------------------------------------------------------
Total                                          932 kB/s | 1.1 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Running scriptlet: filesystem-3.8-3.el8.x86_64                           1/1 
  Preparing        :                                                       1/1 
  Upgrading        : filesystem-3.8-3.el8.x86_64                           1/2 
Error unpacking rpm package filesystem-3.8-3.el8.x86_64
  Verifying        : filesystem-3.8-3.el8.x86_64                           1/2 
  Verifying        : filesystem-3.8-2.el8.x86_64                           2/2 
 
Failed:
  filesystem-3.8-2.el8.x86_64            filesystem-3.8-3.el8.x86_64           
 
Error: Transaction failed

Two kinds of LXD containers

LXD allows us to set up two different types of Linux containers:

  1. Privileged containers – Unsafe containers and a user with root in such a container will be able to DoS the host and find ways to escape confinement. It would help if you avoided them at all costs.
  2. Unprivileged containers (default) – Safe containers. It means they operate inside a user namespace, restricting users’ abilities in the Linux container to that of regular users on the host with limited privileges on the devices that the container owns. Protection of the host and prevention of escape is entirely done through Mandatory Access Control such as AppArmor or SElinux. This protection is what is causing the error. Hence, we can temporarily turn off protection. Apply pending updates and turn on the security
    protection.

Fixing “Error: Transaction failed” LXD error and apply patches

To list your all LXD instances, run:
$ lxc list

+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
|       NAME       |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| archbox          | RUNNING | 10.83.200.161 (eth0) | fd42:87d0:ec52:7d50:216:3eff:fe9d:f205 (eth0) | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| centos-6         | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| centos-7         | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| centos-8         | RUNNING | 10.83.200.129 (eth0) | fd42:87d0:ec52:7d50:216:3eff:fe6c:f3ed (eth0) | CONTAINER | 1         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| debian-8-jessie  | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| debian-9-stretch | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| debian-test      | STOPPED |                      |                                               | CONTAINER | 3         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| fedora-33        | RUNNING | 10.83.200.41 (eth0)  | fd42:87d0:ec52:7d50:216:3eff:fe8c:5088 (eth0) | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| gentoo           | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| gui1604          | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| gui-1804-gimp    | RUNNING | 10.83.200.28 (eth0)  | fd42:87d0:ec52:7d50:216:3eff:fea3:9da8 (eth0) | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| opensuse-15-1    | STOPPED |                      |                                               | CONTAINER | 1         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| oracle-7         | STOPPED |                      |                                               | CONTAINER | 0         |
+------------------+---------+----------------------+-----------------------------------------------+-----------+-----------+

To view the current mode run:
$ lxc config get centos-8 security.privileged
$ lxc config get opensuse-leap security.privileged

Next, set security.privileged to true for instances:
$ lxc config set centos-8 security.privileged true
$ lxc config set opensuse-leap security.privileged true

Restart instances to activate security policy:
$ lxc restart centos-8
$ lxc restart opensuse-leap

Let us gain a root shell for our CentOS 8 container:
$ lxc exec centos-8 bash
Run update using the dnf command:
# dnf update
# exit

For OpenSUSE instance use the zypper command:
$ lxc exec opensuse-leap bash
# zypper up
# exit

Turn it off:
$ lxc config set centos-8 security.privileged false
$ lxc config set opensuse-leap security.privileged false

Finally, again reboot your instances to make sure they come up after reboot and security policy set back to an unprivileged mode:
$ lxc restart centos-8
$ lxc restart opensuse-leap
$ lxc exec centos-8 bash
$ lxc config get centos-8 security.privileged

Linux Filesystem Error: Transaction failed when using LXD error and fix

Summing up

This specific issue is not documented very well. Therefore I wrote this quick post to help others. See LXD documentation for further information.

This entry is 20 of 20 in the LXD Tutorial series. Keep reading the rest of the series:
  1. Install LXD container hypervisor on Ubuntu 16.04 LTS
  2. How to install and setup LXC (Linux Container) on Fedora Linux 26
  3. Set up LXD container under KVM or Xen virtual machine
  4. List VM images in LXD (Linux Containers)
  5. Upgrade LXD containers powered by Ubuntu/Debian or CentOS Linux
  6. Auto start LXD containers at boot time in Linux
  7. Command to rename LXD / LXC container
  8. Run commands on Linux Container (LXD) instance at provision launch time
  9. Use LXD (Linux containers) in a shell script to create VM when the cloud instance launches
  10. Move/migrate LXD VM to another host on Linux
  11. Fedora install and set up LXD
  12. CentOS 7.x install and set up LXD server
  13. Install LXD pure-container hypervisor on Ubuntu 18.04 LTS
  14. Create snapshots with lxc command for LXD
  15. Set up and install LXD on CentOS/RHEL 8
  16. Ubuntu 20.04 LTS install and set up LXD
  17. Full backup and restore LXD containers
  18. Disable firewall and NAT rules on the LXD bridge
  19. Delete or remove LXD container using the lxc
  20. Linux Filesystem Error: Transaction failed solution

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 2 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
2 comments… add one
  • JCB Mar 6, 2021 @ 23:53

    I was thinking the Idea of containers is to “never update” but replace with a new container up to date… So I don’t know LXD obviously… Or not, but for instance on docker I have a docker file where I just have say that I want the latest kernel, or app version and to tweak the data on a local share to just shut down and replace with the new up to date kernel or app I may be wrong but it seems to me that it’s something you may used on a dev environnement or even personnal one but not production…

  • LOC Mar 10, 2021 @ 7:23

    Docker is app level container. This is OS level container. Hence the difference.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum