snap-confine: revert, with comment, explicit unix deny for nested lxd

While snap-confine itself doesn't require unix rules and therefore all
unix rules are implicitly denied, adding an explicit deny for unix to
silence noisy denials breaks nested lxd when it shouldn't:

    $ sudo snap install lxd
    $ sudo lxd init
    $ sudo lxc launch ubuntu:18.04 c1 -c security.nesting=true
    $ lxc exec c1 -- snap install lxd
    error: cannot perform the following tasks:
    - Start snap "lxd" (12631) services ([start snap.lxd.activate.service]
    failed with exit status 1: Job for snap.lxd.activate.service failed
    because the control process exited with error code.

Until the cause is determined, do not use an explicit deny for unix.

overlord/snapstate: do not trigger defaults when installing the core snap

Do not trigger the defaults when installing the core snap. This is only done
during seeding, via an explicitly added configure 'core' task.

Otherwise, this leads to a scenario when on a core device with bases, the
defaults are applied once during seeding, and then again when the core snap is
being installed. This may cause the system config flags to switch back to their
default values.

Signed-off-by: Maciej Borzecki <email address hidden>