Some further input from the lxc dev team:

> What systemd wants to do is the equivalent of executing mount --make-rslave /
> on the commandline. The syscall from systemd specifically AFAICT is:
> mount(NULL, "/", NULL, MS_REC|MS_SLAVE, NULL);

As for the AppArmor profile rule, see
https://github.com/lxc/lxc/blob/master/config/apparmor/abstractions/container-base.in#L94

I've pinged jjohansen from the AppArmor devs on irc about it and am hoping he's gonna find the time to dig into this soon.

--
https://bugs.launchpad.net/bugs/1811248

Title:
  systemd--networkd mounts denied for lxc guest