Let me reiterate what I mentioned in the MM channel. The snap in question apparently uses device access, in which case we'll set up device filtering. The host, being impish, uses cgroup v2, which percolates to the container. Since it's v2, device filtering is implemented by attaching a BPF program on the cgroup, hence we need to have a separate group, otherwise we'd break your session. Snap will ask your systemd --user to create a transient scope for the app, but looking at the logs this fails with:

Mar 17 16:13:22 b2 systemd[2487]: snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed to add PIDs to scope's control
Mar 17 16:13:22 b2 systemd[2487]: snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope: Failed with result 'resources'.
Mar 17 16:13:22 b2 systemd[2487]: Failed to start snap.snapcraft.snapcraft.237e42c2-4906-439b-a992-743647600bc6.scope.

At this point running snap will fail and the sandbox cannot be completed. I think the main problem is why create transient scope fails the way it did, and whether systemd from bionic even works properly on a host with unified hierarchy.

** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

--
https://bugs.launchpad.net/bugs/1965328

Title:
  transient scope could not be started error in bionic lxd container

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs