Nested containers issues (permissions, zfs, possibly something else)

In web001 you should be able to get things working with:

  • mount -t tmpfs tmpfs /sys/kernel/security/
  • systemctl restart snapd
  • snap install lxd
  • lxc profile set default security.privileged true
  • lxc profile set default raw.lxc lxc.apparmor.profile=unchanged

That last one is needed as LXC also cannot access the profiles after everything got masked under /sys/kernel/security, so telling it to not change anything will have it behave as wanted.

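Both of the last two profile settings trade isolation for working nested containers: `security.privileged=true` drops the user namespace, so root inside the container is root on the host, and `lxc.apparmor.profile=unchanged` tells LXC not to switch the container to an AppArmor profile of its own. Added example, not part of the original reply: a POSIX shell audit that takes the text of `lxc profile show default` (a constructed sample is embedded) and reports which of these settings are present.

```shell
# Added example, not from the original reply: audit the two profile keys the
# reply sets. The samples below are constructed to look like the output of
# `lxc profile show default`; in practice feed in the real output, e.g.
#   audit_profile "$(lxc profile show default)"

# Constructed sample: profile after the two `lxc profile set` commands above.
NESTED_PROFILE='config:
  raw.lxc: lxc.apparmor.profile=unchanged
  security.privileged: "true"
description: Default LXD profile
devices:
  root:
    path: /
    pool: default
    type: disk
name: default'

# Constructed sample: an untouched default profile (no config keys set).
DEFAULT_PROFILE='config: {}
description: Default LXD profile
devices: {}
name: default'

# audit_profile <profile-yaml>: print one line per isolation-weakening setting
# found and return the number of findings (0 means neither key is set).
# Assumes raw.lxc is a single-line value, as the reply sets it; a multi-line
# block scalar (raw.lxc: |-) would not be matched by these greps.
audit_profile() {
  profile=$1
  findings=0
  # security.privileged "true": no user namespace, container root is host root
  if printf '%s\n' "$profile" | grep -Eq '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?[[:space:]]*$'; then
    echo "security.privileged=true: container root is host root"
    findings=$((findings + 1))
  fi
  # raw.lxc carrying lxc.apparmor.profile=unchanged: LXC keeps the profile it
  # already runs under instead of confining the container with its own
  if printf '%s\n' "$profile" | grep -Eq '^[[:space:]]*raw\.lxc:.*lxc\.apparmor\.profile=unchanged'; then
    echo "raw.lxc lxc.apparmor.profile=unchanged: no container-specific AppArmor profile"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Example run against the constructed nested-container profile (2 findings).
audit_profile "$NESTED_PROFILE" || echo "findings: $?"
```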