Thursday, June 23, 2022

[mbnmfvkl] LXC, LXD, systemd-networkd, apparmor

As of 6e7038c066bc19e357692ea70f9bab8e38008c10 (with further fixes in 0d2a4fd005cd93f5c34166c12a7c5bc998c67c4f), the LXC and LXD download template images for Debian Bullseye (stable), Bookworm (testing), and Sid (unstable) use systemd-networkd rather than ifupdown to manage networking.  This means you need "lxc.apparmor.profile = unconfined" in your ~/.config/lxc/default.conf for networking to work; the default setting of lxc-container-default-cgns no longer works.  Be aware that "unconfined" removes AppArmor confinement from the whole container, not just from networkd, so treat it as a stopgap rather than a fix.  (Digression: I don't know what the "generated" setting is supposed to do, but I think it has never worked. None of the suggestions here help.)

The issue (which is locked, so no additional comments are permitted) hasn't seen movement in years.

What is systemd-networkd trying to do, that ifupdown wasn't, that runs into this AppArmor restriction?  It looks like it is trying to mount something.  The place to confirm that is the host's kernel log: with the container running under lxc-container-default-cgns, `dmesg` (or `journalctl -k`) on the host should show the denial as an `apparmor="DENIED" operation="mount"` line, with that profile in `profile=` and the offending process in `comm=`.

A workaround should be possible: let systemd-networkd run long enough (i.e. with the container unconfined) to download and install ifupdown, then disable (mask) systemd-networkd, enable ifupdown, and restore the more restrictive AppArmor setting.  In effect, undo inside the container what the git commits above did to the template.
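The workaround above, scripted as an added example (this is not the post's or the LXC project's code): it creates an unprivileged Debian container, boots it once unconfined so networkd can fetch ifupdown, swaps networkd for ifupdown, then puts lxc-container-default-cgns back. The container name, release, architecture, the config path under ~/.local/share/lxc, the DHCP-serving bridge, and the use of ifupdown's networking.service with a hand-written /etc/network/interfaces are assumptions. The config-editing helpers are kept separate from the container commands so the profile rewrite can be checked without a running container.

```shell
#!/bin/sh
# Added example, not code from the blog post or from the LXC project: scripts the
# workaround described above for an unprivileged LXC container.  Assumptions:
# container name/release/arch below, the default unprivileged config path under
# ~/.local/share/lxc, a DHCP-serving bridge (lxcbr0), and that ifupdown's
# networking.service plus a hand-written /etc/network/interfaces take over eth0.
set -eu

CONTAINER="${CONTAINER:-bullseye-ifupdown}"
RELEASE="${RELEASE:-bullseye}"
ARCH="${ARCH:-amd64}"
LXC_CONF="${HOME:-}/.local/share/lxc/$CONTAINER/config"   # per-container config
STRICT_PROFILE="lxc-container-default-cgns"                 # the profile the post says broke

# /etc/network/interfaces content that hands eth0 to ifupdown (DHCP on the bridge).
ifupdown_interfaces() {
    printf '%s\n' 'auto lo' 'iface lo inet loopback' '' 'auto eth0' 'iface eth0 inet dhcp'
}

# Print the lxc.apparmor.profile value from an LXC config file (empty if unset).
get_apparmor_profile() {
    sed -n 's|^lxc\.apparmor\.profile *= *||p' "$1" | tail -n 1
}

# Set lxc.apparmor.profile in an LXC config file, replacing any existing line.
# Usage: set_apparmor_profile <config-file> <profile>
set_apparmor_profile() {
    conf="$1"; profile="$2"
    if grep -q '^lxc\.apparmor\.profile' "$conf"; then
        sed "s|^lxc\.apparmor\.profile.*|lxc.apparmor.profile = $profile|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf 'lxc.apparmor.profile = %s\n' "$profile" >> "$conf"
    fi
}

run_workaround() {
    # 1. Create the container.  The download template runs on the host, so the
    #    AppArmor profile does not matter yet.
    lxc-create -n "$CONTAINER" -t download -- -d debian -r "$RELEASE" -a "$ARCH"

    # 2. First boot unconfined: the only state in which systemd-networkd can bring
    #    up eth0, which apt needs.
    set_apparmor_profile "$LXC_CONF" unconfined
    lxc-start -n "$CONTAINER"
    lxc-wait -n "$CONTAINER" -s RUNNING
    sleep 5   # give networkd time to get a DHCP lease

    # 3. Inside the container: install ifupdown, mask networkd, hand eth0 to ifupdown.
    lxc-attach -n "$CONTAINER" -- sh -c '
        apt-get update && apt-get install -y ifupdown &&
        systemctl disable --now systemd-networkd.service systemd-networkd.socket &&
        systemctl mask systemd-networkd.service &&
        systemctl enable networking.service
    '
    ifupdown_interfaces | lxc-attach -n "$CONTAINER" -- sh -c 'cat > /etc/network/interfaces'

    # 4. Restore the confined profile and reboot; eth0 should now come up via ifupdown.
    lxc-stop -n "$CONTAINER"
    set_apparmor_profile "$LXC_CONF" "$STRICT_PROFILE"
    lxc-start -n "$CONTAINER"
    lxc-wait -n "$CONTAINER" -s RUNNING
    sleep 5
    lxc-attach -n "$CONTAINER" -- ip -4 addr show dev eth0   # check: an "inet" line means it worked

    # If step 4 has no inet line, look for apparmor="DENIED" in the host's dmesg.
}

# Only touch real containers when invoked as "sh script.sh run"; otherwise just
# define the helpers above so they can be sourced or inspected.
if [ "${1:-}" = "run" ]; then
    run_workaround
fi
```

Run it as `sh script.sh run`. It edits the per-container config rather than ~/.config/lxc/default.conf on purpose: default.conf is only copied into a container's config at lxc-create time, so flipping it to unconfined and forgetting to flip it back would quietly leave every container created afterwards unconfined.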

The new images reportedly work on LXD.  What is LXD doing differently that avoids this AppArmor problem?
