Looks like a privileged container without nesting enabled. This gets
some pretty strict AppArmor rules to prevent trivial privilege
escalation. I'm not sure that there's really much that can be done here,
especially considering the many issues with AppArmor and its mount
rules.

We allow a lot more in unprivileged containers because we don't really
rely on AppArmor there for security, and so can relax rules quite a bit
to make systemd and others happy. This relaxing makes bypass of mount
rules trivial, but the user namespace is the enforcement mechanism in
that case and will prevent you from escaping.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1878225

Title:
  snapd.seeded.service waits forever (?) to have snaps seeded in LXD on
  s390x and arm64

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1878225/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
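As an added example (not part of the bug thread or of LXD's own code): the reply above describes two enforcement regimes, AppArmor for privileged containers and the user namespace for unprivileged ones. The script below lets you tell from inside a container which one you are relying on, by reading the UID map (an identity map means no user namespace) and the AppArmor label the task runs under. The sample UID maps and the profile name `lxd-c1_</var/lib/lxd>` used in comments are constructed illustrations; the `security.privileged` and `security.nesting` keys are real LXD config keys, but nesting itself is not reliably visible from inside the container, so that check is left to the host.

```shell
#!/bin/sh
# Added example, not from the bug thread: tell which enforcement regime
# from the reply above applies to the container you are in.
#
# Two signals are used:
#   /proc/self/uid_map       - identity map => no user namespace
#                              (privileged container, or not a container)
#   /proc/self/attr/current  - AppArmor label the task runs under

# classify_uid_map MAP_TEXT
# Prints "privileged" for the identity map "0 0 4294967295" (the kernel's
# initial user namespace), "unprivileged" for any other map, and
# "unknown" if the text has no 3-field lines.
classify_uid_map() {
    printf '%s\n' "$1" | awk '
        NF == 3 { n++; if ($1 == 0 && $2 == 0 && $3 == 4294967295) ident = 1 }
        END {
            if (n == 0)               print "unknown"
            else if (n == 1 && ident) print "privileged"
            else                      print "unprivileged"
        }'
}

# classify_apparmor LABEL_TEXT
# Prints "unconfined" or "confined:<profile>" from a /proc/self/attr/current
# line such as "lxd-c1_</var/lib/lxd> (enforce)" (constructed sample; the
# "(enforce)"/"(complain)" mode suffix is dropped).
classify_apparmor() {
    label=$(printf '%s\n' "$1" | sed -e 's/[[:space:]]*(.*)$//' -e 's/[[:space:]]*$//')
    case "$label" in
        ""|unconfined) echo "unconfined" ;;
        *)             echo "confined:$label" ;;
    esac
}

# summarize UIDMAP_CLASS APPARMOR_CLASS
# Maps the two signals onto the two cases described in the reply.
summarize() {
    case "$1:$2" in
        privileged:confined:*) echo "privileged container: AppArmor is the boundary" ;;
        privileged:unconfined) echo "no user namespace and no AppArmor label: probably not in a container" ;;
        unprivileged:*)        echo "unprivileged container: user namespace is the boundary" ;;
        *)                     echo "undetermined" ;;
    esac
}

# report_self: run the live checks on this process. AppArmor may be
# absent on the kernel, in which case the label read fails and we treat
# the task as unconfined.
report_self() {
    uidmap=$(cat /proc/self/uid_map 2>/dev/null)
    aa_label=$(cat /proc/self/attr/current 2>/dev/null || echo unconfined)
    u=$(classify_uid_map "$uidmap")
    a=$(classify_apparmor "$aa_label")
    echo "uid_map:  $u"
    echo "apparmor: $a"
    summarize "$u" "$a"
    # Nesting is not reliably visible from inside; ask the LXD host instead:
    #   lxc config get <container> security.privileged
    #   lxc config get <container> security.nesting
}

if [ "${1:-}" = "--live" ]; then
    report_self
fi
```

Run it as `sh check.sh --live` inside the container. A privileged container shows the identity UID map together with an `lxd-<name>_<path>` AppArmor label, which is the case where the mount rules in that profile are doing the work; an unprivileged container shows a shifted map, and there the profile being relaxed is not the escape path because root inside maps to an unprivileged UID on the host.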
