n8v8r
January 8, 2019, 11:03pm
1
| | host | unprivileged guest |
|---|---|---|
| system | x86_64 | |
| os | ubuntu cosmic | arch linux rolling |
| kernel | 4.18.0-13 | |
| systemd | 239-7 | 240.0-3 |
Looks like another fine systemd mess coming to lxc.
Just made the mistake and updated the guest’s systemd package to v240 and since then:
systemd-networkd.service: Failed to set up mount namespacing: Permission denied
Another arch linux guest with systemd 239.370-1 does not exhibit the issue.
n8v8r
January 10, 2019, 3:44pm
4
Appears to be an AppArmor (apparmor_parser) issue at the Ubuntu host
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1811248
n8v8r
February 7, 2019, 9:11pm
5
Almost one month after the bug has been reported there is no traceable development from AppArmor, and the issue has in the meantime a tail riding on the bug
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1813622
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=030919ba5e4931d6ee576d0259fae67fe4ed9770
It seems that currently the only way to keep unprivileged lxc guests with systemd v240 alive, other than from the ubuntu distro, is with lxc.apparmor.profile = unconfined, which though defeats the purpose of AppArmor.
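The `lxc.apparmor.profile = unconfined` workaround mentioned above removes AppArmor confinement from a guest, so it helps to track which containers carry it. The following is an added example, not part of the original posts: a Python check over LXC config text. The container names and config contents are constructed, and treating a later assignment as overriding an earlier one is an assumption.

```python
import re

# Constructed sample configs (not taken from the thread).
SAMPLE_CONFIGS = {
    "arch-guest": """\
# unprivileged guest with the workaround applied
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.apparmor.profile = lxc-container-default-cgns
lxc.apparmor.profile = unconfined
""",
    "ubuntu-guest": """\
lxc.idmap = u 0 100000 65536
lxc.apparmor.profile = lxc-container-default-cgns
""",
    "legacy-guest": "lxc.aa_profile=unconfined\n",
}

PROFILE_KEYS = ("lxc.apparmor.profile", "lxc.aa_profile")  # current and legacy key
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def effective_settings(text):
    """Return (apparmor_profile or None, has_idmap) for one config text."""
    profile, has_idmap = None, False
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or not a key = value line
        key, value = m.groups()
        if key in PROFILE_KEYS:
            profile = value  # assumption: a later assignment overrides an earlier one
        elif key == "lxc.idmap":
            has_idmap = True  # id mapping present: unprivileged container
    return profile, has_idmap

def audit(configs):
    """Map container name -> finding for containers whose profile is unconfined."""
    findings = {}
    for name, text in configs.items():
        profile, has_idmap = effective_settings(text)
        if profile == "unconfined":
            kind = "unprivileged" if has_idmap else "privileged or unmapped"
            findings[name] = f"AppArmor unconfined ({kind})"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIGS).items():
        print(f"{name}: {finding}")
```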
n8v8r
April 19, 2019, 2:39pm
6
After having upgraded the host to:
ubuntu disco (19.04) | kernel 5.0.0-13 | aa 2.13.2-9 | systemd 240-6
the issue is still present and no news on the respective bug trackers.
Dnegreira
(David Negreira)
April 19, 2019, 3:12pm
7
Isn’t this an AppArmor issue? Not sure that this is the right forum to send such a reminder IMHO.
n8v8r
April 20, 2019, 12:03pm
8
Not directly, the direct cause for the error is lxc not allowing such mounts. This is explained in the bug trackers.
Not sure how this is being construed as a reminder, considering this being a user forum and the bug trackers are referenced?