Still the same problem here with the most recent Ubuntu noble image (20240425_07:42). When I add lxc.init.cmd = /sbin/init --log-level=debug --default_standard_output=journal+console
to my lxc config, I get the following output from systemd:
$ lxc-start -F -n dimtest-ubu24-1
systemd 255.4-1ubuntu8 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization lxc.
CPUID func 1 0
CPUID result 50657 8000800 fffa3223 f8bfbff
CPUID is hypervisor: yes
CPUID func 0 0
CPUID result d 756e6547 6c65746e 49656e69
CPUID sig 'GenuineIntel'
CPUID func 80000000 0
CPUID result 80000008 756e6547 6c65746e 49656e69
CPUID func 21 0
CPUID result 2ff a88 a88 0
CPUID sig 'n/a'
Detected architecture x86-64.
Detected initialized system, this is not the first boot.
Kernel version 6.5.0-28-generic, our baseline is 4.15
Mounting cgroup to /sys/fs/cgroup/misc of type cgroup with options misc.
Mounting cgroup (cgroup) on /sys/fs/cgroup/misc (MS_NOSUID|MS_NODEV|MS_NOEXEC "misc")...
Mounting cgroup to /sys/fs/cgroup/perf_event of type cgroup with options perf_event.
Mounting cgroup (cgroup) on /sys/fs/cgroup/perf_event (MS_NOSUID|MS_NODEV|MS_NOEXEC "perf_event")...
Mounting cgroup to /sys/fs/cgroup/net_cls,net_prio of type cgroup with options net_cls,net_prio.
Mounting cgroup (cgroup) on /sys/fs/cgroup/net_cls,net_prio (MS_NOSUID|MS_NODEV|MS_NOEXEC "net_cls,net_prio")...
Mounting cgroup to /sys/fs/cgroup/devices of type cgroup with options devices.
Mounting cgroup (cgroup) on /sys/fs/cgroup/devices (MS_NOSUID|MS_NODEV|MS_NOEXEC "devices")...
Mounting cgroup to /sys/fs/cgroup/blkio of type cgroup with options blkio.
Mounting cgroup (cgroup) on /sys/fs/cgroup/blkio (MS_NOSUID|MS_NODEV|MS_NOEXEC "blkio")...
Mounting cgroup to /sys/fs/cgroup/cpu,cpuacct of type cgroup with options cpu,cpuacct.
Mounting cgroup (cgroup) on /sys/fs/cgroup/cpu,cpuacct (MS_NOSUID|MS_NODEV|MS_NOEXEC "cpu,cpuacct")...
Mounting cgroup to /sys/fs/cgroup/cpuset of type cgroup with options cpuset.
Mounting cgroup (cgroup) on /sys/fs/cgroup/cpuset (MS_NOSUID|MS_NODEV|MS_NOEXEC "cpuset")...
Mounting cgroup to /sys/fs/cgroup/memory of type cgroup with options memory.
Mounting cgroup (cgroup) on /sys/fs/cgroup/memory (MS_NOSUID|MS_NODEV|MS_NOEXEC "memory")...
Mounting cgroup to /sys/fs/cgroup/hugetlb of type cgroup with options hugetlb.
Mounting cgroup (cgroup) on /sys/fs/cgroup/hugetlb (MS_NOSUID|MS_NODEV|MS_NOEXEC "hugetlb")...
Mounting cgroup to /sys/fs/cgroup/freezer of type cgroup with options freezer.
Mounting cgroup (cgroup) on /sys/fs/cgroup/freezer (MS_NOSUID|MS_NODEV|MS_NOEXEC "freezer")...
Mounting cgroup to /sys/fs/cgroup/rdma of type cgroup with options rdma.
Mounting cgroup (cgroup) on /sys/fs/cgroup/rdma (MS_NOSUID|MS_NODEV|MS_NOEXEC "rdma")...
Mounting cgroup to /sys/fs/cgroup/pids of type cgroup with options pids.
Mounting cgroup (cgroup) on /sys/fs/cgroup/pids (MS_NOSUID|MS_NODEV|MS_NOEXEC "pids")...
No credentials passed from initrd.
Acquired 0 regular credentials, 0 untrusted credentials.
Welcome to Ubuntu 24.04 LTS!
Hostname was already set to <dimtest-ubu24-1>.
127.0.0.1 has already been added to loopback interface
::1 has already been added to loopback interface
Successfully brought loopback interface up
Setting '/proc/sys/net/unix/max_dgram_qlen' to '512'
Setting '/proc/sys/fs/file-max' to '9223372036854775807'
RLIMIT_MEMLOCK is already as high or higher than we need it, not bumping.
Found cgroup on /sys/fs/cgroup/systemd, legacy hierarchy
Using cgroup controller name=systemd. File system hierarchy is at /sys/fs/cgroup/systemd.
bpf-firewall: Not running with unified cgroup hierarchy, BPF firewalling is not supported.
Not running with unified cgroups, BPF device control is not supported.
Controller 'cpu' supported: no
Controller 'cpuacct' supported: no
Controller 'cpuset' supported: no
Controller 'io' supported: no
Controller 'blkio' supported: no
Controller 'memory' supported: yes
Controller 'devices' supported: no
Controller 'pids' supported: no
Controller 'bpf-firewall' supported: no
Controller 'bpf-devices' supported: no
Controller 'bpf-foreign' supported: no
Controller 'bpf-socket-bind' supported: no
Controller 'bpf-restrict-network-interfaces' supported: no
Set up TFD_TIMER_CANCEL_ON_SET timerfd.
Enabling (yes) showing of status (command line).
Successfully forked off '(sd-gens)' as PID 22.
PR_SET_MM_ARG_START failed: Operation not permitted
Failed to remount root directory as MS_SLAVE: Permission denied
(sd-gens) failed with exit status 1.
Failed to fork off sandboxing environment for executing generators: Protocol error
[!!!!!!] Failed to start up manager.
Exiting PID 1...
So the actual errors seem to be:
PR_SET_MM_ARG_START failed: Operation not permitted
Failed to remount root directory as MS_SLAVE: Permission denied
It looks a lot like Cannot start new distributions with systemd 255 · Issue #4402 · lxc/lxc · GitHub, so maybe another AppArmor issue?
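To make this kind of systemd-in-LXC failure easier to classify from the debug output alone, here is an added triage helper (example code, not from the post or from the lxc/systemd projects). It scans `lxc-start -F` output for the cgroup layout systemd reports, the controllers it cannot use, and the two generator-sandbox errors quoted above; the message patterns and the "unified hierarchy" check are assumptions based on the strings shown in the post.

```python
"""Triage systemd start-up output captured from an LXC container (added example)."""
import re

# Constructed excerpt of the debug output shown in the post.
SAMPLE_LOG = """\
Found cgroup on /sys/fs/cgroup/systemd, legacy hierarchy
Controller 'memory' supported: yes
Controller 'devices' supported: no
Controller 'pids' supported: no
Successfully forked off '(sd-gens)' as PID 22.
PR_SET_MM_ARG_START failed: Operation not permitted
Failed to remount root directory as MS_SLAVE: Permission denied
(sd-gens) failed with exit status 1.
Failed to fork off sandboxing environment for executing generators: Protocol error
[!!!!!!] Failed to start up manager.
"""

# Failure signatures taken from the output in the post (exact strings assumed stable).
SIGNATURES = {
    "prctl_denied": re.compile(r"^PR_SET_MM_ARG_START failed: Operation not permitted$"),
    "mount_slave_denied": re.compile(r"^Failed to remount root directory as MS_SLAVE: Permission denied$"),
    "generator_sandbox_failed": re.compile(r"sandboxing environment for executing generators"),
    "manager_failed": re.compile(r"Failed to start up manager"),
}
CONTROLLER_RE = re.compile(r"^Controller '([\w-]+)' supported: (yes|no)$")


def triage(log_text):
    """Return a dict with the cgroup hierarchy, unsupported controllers,
    matched failure signatures and a one-line assessment."""
    hierarchy, unsupported, hits = "unknown", [], []
    for line in log_text.splitlines():
        if "legacy hierarchy" in line:
            hierarchy = "legacy"
        elif "unified hierarchy" in line:  # heuristic: systemd's cgroup2 message
            hierarchy = "unified"
        m = CONTROLLER_RE.match(line)
        if m and m.group(2) == "no":
            unsupported.append(m.group(1))
        hits.extend(name for name, rx in SIGNATURES.items() if rx.search(line))
    if "prctl_denied" in hits and "mount_slave_denied" in hits:
        assessment = ("generator sandbox denied prctl() and mount(MS_SLAVE): consistent with a "
                      "mandatory access control (AppArmor) denial; review the container's "
                      "AppArmor profile and the host audit log")
    elif "manager_failed" in hits:
        assessment = "systemd manager failed for another reason; inspect the preceding lines"
    else:
        assessment = "no known failure signature found"
    return {"hierarchy": hierarchy, "unsupported": unsupported,
            "hits": hits, "assessment": assessment}
```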