https://github.com/lxc/lxd/issues/5439#issuecomment-461257784

> The fix in LXD is only partial because there's currently no safe way
> for us to fix that for privileged containers due to an apparmor parser
> bug that the AppArmor team is still working on.

So we've made the change only to the unprivileged policy for now as the
AppArmor bug isn't causing too much damage in that case.

There's no such distinction in profiles in LXC, so putting those same lines in
the LXC policy would allow every user to bypass all mount protections, which
isn't acceptable from a security point of view.
So the LXC fix is effectively blocked on the AppArmor security bug being
resolved first.

** This bug is no longer a duplicate of bug 1813622
   systemd-resolved, systemd-networkd and others fail to start in lxc container with v240 systemd

** Bug watch added: LXD bug tracker #5439
   https://github.com/lxc/lxd/issues/5439

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1811248

Title:
  systemd-networkd mounts denied for lxc guest
