I am evaluating LXD containers and I am setting up multiple, unprivileged LXD containers with Debian Stretch, running services with inbound connections, such as openssh-server, openvpn and rabbitmq-server.
So far everything seems to be working (I only had to comment a
LimitNPROC line on the unit file of openvpn), but most of the systemd services running inside the container show these errors:
Failed to reset devices.list: Operation not permitted openvpn.service: Failed to set invocation ID on control group /system.slice/openvpn.service, ignoring: Operation not permitted
Is there any way to fix it?