[Bug 1783305] Re: apparmor DENIED when a systemd unit with DynamicUsers=yes is launched in a lxd container

*** This bug is a duplicate of bug 1780227 *** https://bugs.launchpad.net/bugs/1780227 This is an AppArmor bug that I reported and which is tracked here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1780227 So please close here in favor of that bug. Christian ** Changed in: lxd (Ubu

[Bug 1770481] [NEW] core: fall back to bind-mounts for PrivateDevices= execution environments

Public bug reported: Hey, Currently any service that has PrivateDevices=true set will fail to start in unprivileged containers since mknod is not possible and in privileged containers that drop CAP_MKNOD. I pushed a patch to systemd upstream that solves this problem and makes PrivateDevices useab

[Bug 1734410] [NEW] systemd: handle undelegated cgroup2 hierarchy

Public bug reported: Hey everyone, Current systemd versions all fail when the unified cgroup hierarchy is not-writable. This is especially problematic in containers where the systemd administrator might decide to not delegate the unified hierarchy or when running with a liblxc driver that doesn't

[Bug 1734409] [NEW] systemd-sysctl: exit gracefully on EPERM/EACCESS

Public bug reported: Hi everyone, systemd-sysctl in systemd versions prior to 232 will exit with FAILED when not being able to apply kernel variables. In containers it should simply move on and exit with SUCCESS. Upstream systemd carries appropriate patches for this already. The relevant commits

[Bug 1686361] [NEW] systemd does not respect nofile ulimit when running in container

Public bug reported: When systemd currently starts in a container that has RLIMIT_NOFILE set to e.g. 10 systemd will lower it to 65536 since this value is hard-coded into systemd. I've pushed a patch to systemd upstream that will try to set the nofile limit to the allowed kernel maximum. If t