3.0.3 - systemd 240.0-3 -networkd.service not starting in unprivileged container

host unprivileged guest
system x86_64
os ubuntu cosmic arch linux rolling
kernel 4.18.0-13
sytemd 239-7 240.0-3

Looks like another fine systemd mess coming to lxc.

Just made the mistake and updated the guest’s systemd package to v240 and since then

systemd-networkd.service: Failed to set up mount namespacing: Permission denied

Another arch linux guest with systemd 239.370-1 does not exhibit the issue.


Appears to be an AppArmor (apparmor_parser) issue at the ubuntu host



Almost one month after the bug been reported there is no traceable development from AppArmor and the issue has meantime a tail riding on the bug



It seems that currently the only way to keep unprivileged lxc guests with systemd v240 alive, other than from the unbuntu distro, is with lxc.apparmor.profile = unconfined which though defeats the purpose of AppArmor.